CSRF in Biafra Dancer2::Plugin::Auth::OAuth::Provider

CVE-2026-12746

Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter. The authentication_url method builds the provider authorization redirect without issuing a state value, and the callback me…

Vulnerability class: CSRF (Cross-Site Request Forgery)
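
The `state` round trip that the description says is unsupported before 0.23, as an added sketch in plain Perl. It is not the plugin's code or its 0.23 fix: the function names, the hashref standing in for the Dancer2 session, the example.test URLs and the use of /dev/urandom are all assumptions.

```perl
use strict;
use warnings;

# Hypothetical helpers; $session is a plain hashref standing in for the web session.
# Assumes a Unix-like host with /dev/urandom as the CSPRNG.
sub new_state {
    open(my $fh, '<:raw', '/dev/urandom') or die "no CSPRNG: $!";
    my $buf = '';
    my $n = read($fh, $buf, 32);
    close($fh);
    die "short read from /dev/urandom" unless defined $n && $n == 32;
    return unpack('H*', $buf);                      # 64 hex chars, URL-safe
}

sub pct {                                           # percent-encode one query component
    my ($s) = @_;
    $s =~ s/([^A-Za-z0-9._~-])/sprintf('%%%02X', ord($1))/ge;
    return $s;
}

sub authorization_url {
    my ($session, $endpoint, %p) = @_;
    $session->{oauth_state} = new_state();          # bind the value to this browser session
    my %q = (%p, response_type => 'code', state => $session->{oauth_state});
    return $endpoint . '?' . join('&', map { pct($_) . '=' . pct($q{$_}) } sort keys %q);
}

sub ct_eq {                                         # comparison without early exit
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

sub callback_ok {
    my ($session, $params) = @_;
    my $expected = delete $session->{oauth_state};  # single use: consumed pass or fail
    my $got = $params->{state};
    return 0 unless defined $expected && defined $got && !ref $got;
    return ct_eq($expected, $got);
}

# Constructed demo values; nothing here comes from the advisory.
my %session;
my $url = authorization_url(\%session, 'https://idp.example.test/authorize',
    client_id => 'demo-client', redirect_uri => 'https://app.example.test/auth/cb');
my ($issued) = $url =~ /[?&]state=([0-9a-f]{64})/;
printf("missing state accepted:    %d\n", callback_ok(+{ %session }, { code => 'c' }));
printf("mismatched state accepted: %d\n", callback_ok(+{ %session }, { code => 'c', state => '0' x 64 }));
printf("issued state accepted:     %d\n", callback_ok(\%session, { code => 'c', state => $issued }));
printf("replayed state accepted:   %d\n", callback_ok(\%session, { code => 'c', state => $issued }));
```

Only the callback carrying the value issued to the same session is accepted, and only once; the code exchange with the provider should run only after `callback_ok` returns true.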
