PT-2026-29832
Name of the Vulnerable Software and Affected Versions: Nhost versions prior to 0.48.0 Description: Nhost's auth service OAuth provider callback flow includes the refresh token directly in the redirect URL as a query parameter. This can lead to exposure of the refresh token in browser history,...