1. OAuth Security Flaw: Unencoded Authorization Code Opens Door to Parameter Injection
A critical OAuth implementation flaw has been identified where an authorization code is directly interpolated into a token exchange URL without proper URL encoding. This vulnerability, located in `src/asfquart/generics.py`, allows an authorization code containing URL-special characters (&, =, #, %) to malform the reque...