GHSA-G8X5-P9QC-CF95 @fastify/oauth2 vulnerable to Cross Site Request Forgery due to reused Oauth2 state
Impact All versions of @fastify/oauth2 used a statically generated state parameter at startup time and were used across all requests for all users. The purpose of the Oauth2 state parameter is to prevent Cross-Site-Request-Forgery attacks. As such, it should be unique per user and should be...