CSRF in Biafra Dancer2::Plugin::Auth::OAuth::Provider
CVE-2026-12746
Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter. The authentication_url method builds the provider authorization redirect without issuing a state value, and the callback me…
Vulnerability class: CSRF (Cross-Site Request Forgery)
Affected products
- Biafra Dancer2::Plugin::Auth::OAuth::Provider — versions 0
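The description above turns on the OAuth 2.0 state parameter. As an added example (not the module's code and not the 0.23 change), this Perl code issues a per-session state value when the authorization URL is built and checks it once when the callback arrives. The sub names, the `oauth_state` session key, the hash standing in for a server-side session, and the example.org-style URLs are all assumptions made for illustration.

```perl
use strict;
use warnings;

# Added illustration. %$session stands in for the server-side session;
# every sub name, key and URL here is hypothetical, not the plugin's API.
sub new_state {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, 32) == 32 or die "short read from urandom";
    close $fh;
    return unpack 'H*', $buf;    # 64 hex characters from 32 random bytes
}

sub build_authorization_url {
    my ($session, $endpoint, %param) = @_;
    # Bind the value to this browser session before redirecting.
    $session->{oauth_state} = $param{state} = new_state();
    my @pairs;
    for my $k (sort keys %param) {
        (my $v = $param{$k}) =~ s/([^A-Za-z0-9._~-])/sprintf '%%%02X', ord $1/ge;
        push @pairs, "$k=$v";
    }
    return "$endpoint?" . join '&', @pairs;
}

sub ct_eq {    # comparison whose timing does not depend on where strings differ
    my ($x, $y) = @_;
    return 0 if length $x != length $y;
    my $diff = 0;
    $diff |= ord(substr $x, $_, 1) ^ ord(substr $y, $_, 1) for 0 .. length($x) - 1;
    return $diff == 0;
}

sub callback_state_ok {
    my ($session, $returned) = @_;
    my $expected = delete $session->{oauth_state};    # single use
    return 0 unless defined $expected && defined $returned;
    return ct_eq($expected, $returned);
}

# Constructed demonstration: two independent sessions.
my (%started, %other);
my $url = build_authorization_url(\%started,
    'https://provider.example/authorize',
    client_id => 'demo-client', response_type => 'code',
    redirect_uri => 'https://app.example/auth/callback');
my ($state) = $url =~ /[?&]state=([0-9a-f]+)/;
for (['session that never started the flow', \%other],
     ['session that started the flow', \%started],
     ['same session, callback replayed', \%started]) {
    printf "%-36s %s\n", $_->[0], callback_state_ok($_->[1], $state) ? 'accepted' : 'rejected';
}
```

A callback that fails this check should be rejected before the authorization code is exchanged for a token.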