Vendor
Authorizer is vulnerable to unvalidated redirect URI injection in multiple endpoints, allowing attackers to steal password reset tokens, magic link tokens, and full authentication tokens by redirecting users to attacker-controlled sites.