Impact
If an attacker gets hold of a valid access token, he/she can take over an account by changing the email.
Patches
Use the new endpoint, which additionally requires an authentication cookie (handle in sync engine and transport).
This is the root advisory that pulls the changes together.
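The kind of check such an endpoint performs, as an added sketch that is not the project's code: an email change is allowed only when a valid access token and a valid authentication cookie are both present and belong to the same account. The cookie format, signing key, token table and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time

COOKIE_KEY = b"constructed-demo-key"    # assumption: server-side cookie signing key
ACCESS_TOKENS = {"tok-alice": "alice"}  # constructed token -> account table


def _mac(account, expires, key):
    return hmac.new(key, f"{account}|{expires}".encode(), hashlib.sha256).hexdigest()


def sign_cookie(account, expires, key=COOKIE_KEY):
    """Issue a cookie in the hypothetical format account|expiry|hmac."""
    return f"{account}|{expires}|{_mac(account, expires, key)}"


def cookie_account(cookie, now, key=COOKIE_KEY):
    """Return the account the cookie authenticates, or None if it is unusable."""
    try:
        account, expires, mac = cookie.split("|")
        expires = int(expires)
    except (AttributeError, ValueError):
        return None  # missing cookie or wrong shape
    expected = _mac(account, expires, key)
    # Constant-time comparison on bytes; reject expired cookies as well.
    if not hmac.compare_digest(mac.encode(), expected.encode()) or expires <= now:
        return None
    return account


def authorize_email_change(access_token, auth_cookie, now=None):
    """An access token alone is not enough: the cookie must match its account."""
    now = int(time.time()) if now is None else now
    token_account = ACCESS_TOKENS.get(access_token)
    if token_account is None:
        return (False, "invalid access token")
    session_account = cookie_account(auth_cookie, now)
    if session_account is None:
        return (False, "missing or invalid authentication cookie")
    if session_account != token_account:
        return (False, "cookie and token belong to different accounts")
    return (True, token_account)


if __name__ == "__main__":
    # Token only, as in the reported scenario: the change is refused.
    print(authorize_email_change("tok-alice", None, now=1000))
    print(authorize_email_change("tok-alice", sign_cookie("alice", 2000), now=1000))
```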
References
GHSA-9rm2-w6pq-333m