CSRF in Cornelius Plack::Middleware::OAuth

CVE-2026-12740

Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code a…

Vulnerability class: CSRF (Cross-Site Request Forgery)
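
The missing control is a per-session state value that is issued with the authorization redirect and checked on the callback before the code is exchanged. The sketch below is an added example, not code from Plack::Middleware::OAuth or its author; the helper names, the `oauth_state` session key and the provider URL are hypothetical, and it assumes a per-user server-side session hash and a Unix-like `/dev/urandom`.

```perl
use strict;
use warnings;

# Hypothetical helpers (not the module's API). 32 bytes from the OS CSPRNG, hex-encoded.
sub new_state {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    my $n = read($fh, my $buf, 32);
    close $fh;
    die "short read from urandom" unless defined $n && $n == 32;
    return unpack 'H*', $buf;
}

# Authorization-request step: bind a fresh state to the user's session and
# send it to the provider. $authorize_url is assumed to already have a query string.
sub begin_authorization {
    my ($session, $authorize_url) = @_;
    $session->{oauth_state} = new_state();
    return "$authorize_url&state=$session->{oauth_state}";
}

# Constant-time comparison, so the check does not reveal how much of a guess matched.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Callback step, run before the code is exchanged for a token. The stored
# state is deleted first, so it is single-use whether or not the check passes.
sub callback_state_ok {
    my ($session, $params) = @_;
    my $expected = delete $session->{oauth_state};
    my $got      = $params->{state};
    return 0 unless defined $expected && defined $got && !ref $got;
    return ct_eq($expected, $got);
}

# Constructed sessions and callback parameters, for illustration only.
my %session;
my $url = begin_authorization(\%session, 'https://provider.example/authorize?client_id=abc');
my ($state) = $url =~ /state=([0-9a-f]{64})\z/;
my @checks = (
    [ 'callback without state, no flow started' => callback_state_ok({}, { code => 'x' }) ],
    [ 'callback with a state this session never issued' => callback_state_ok({}, { code => 'x', state => 'f' x 64 }) ],
    [ 'genuine callback' => callback_state_ok(\%session, { code => 'y', state => $state }) ],
    [ 'same callback replayed' => callback_state_ok(\%session, { code => 'y', state => $state }) ],
);
printf "%-50s %s\n", $_->[0], ($_->[1] ? 'accept' : 'reject') for @checks;
```

Only a callback that passes this check should proceed to the token exchange; any other callback is answered with an error and no request to the provider.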

Affected products

Weakness classification (CWE)

References