GHSA-X3F4-V83F-7WP2 Authorizer: Password reset token theft and full auth token redirect via unvalidated redirect_uri
Hi, I found that 6 endpoints in Authorizer accept a user-controlled redirecturi and append sensitive tokens to it without validating the URL against AllowedOrigins. The OAuth /app handler validates redirecturi at httphandlers/app.go:46, but the GraphQL mutations and verifyemail handler skip...