Mass-assignment in Factory::loadFromProvisioningUri lets a hostile provisioning URI corrupt OTP state or leak an uncaught TypeError
Summary OTPHP\Factory::loadFromProvisioningUri parses an attacker-supplied otpauth:// URI and forwards every query key to OTP::setParameter$key, $value. setParameter resolves the name with propertyexists$this, $parameter and performs a dynamic write $this-$parameter = $value src/OTP.php:196-197...