@cloudflare/workers-oauth-provider is vulnerable to PKCE bypass. The vulnerability is due to missing enforcement of PKCE verification caused by a flaw in the OAuth implementation that lets attackers skip the code challenge check, allowing an attacker to intercept and redeem authorization codes for unauthorized…Read More