Socialite · CVE-2024-56329
**Name of the Vulnerable Software and Affected Versions**
Socialstream versions prior to 6.2
**Description**
The issue arises when a social account is linked to an already authenticated user: the link was performed without a confirmation step, so a social account could be attached to the user's account without their explicit consent. The risk is greater if `->stateless()` is used in the Socialite configuration, because that bypasses OAuth `state` verification. To mitigate this, developers should require users to explicitly confirm account linking and avoid configurations that skip such security checks. Socialstream v6.2 introduces a new custom route requiring users to "Confirm" or "Deny" a request to link a social account.
**Recommendations**
For versions prior to 6.2, upgrade to Socialstream v6.2, which adds a confirmation step for linking social accounts. If the upgrade is not yet possible, implement a manual confirmation process for social account linking as a temporary workaround. Avoid configurations that use `->stateless()` in the Socialite configuration, since they bypass state verification, and restrict who can enable such configurations to minimize the risk of exploitation until the issue is resolved.
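The following is an added example, not Socialstream's own code, showing the two mitigations the Description and Recommendations call for in a plain Laravel controller: keep Socialite's default stateful driver (no `->stateless()`, so the returned `state` is checked against the session), and defer the actual link until the signed-in user confirms it via a CSRF-protected POST. The `ConnectedAccount` model, its columns, the view, and the route names are assumptions for illustration.

```php
<?php
// Added example (not Socialstream's code): link a social account to the
// currently authenticated user only after an explicit confirmation step.
// Hypothetical: ConnectedAccount model (user_id, provider, provider_id),
// the confirm view, and the route names used below.

namespace App\Http\Controllers;

use App\Models\ConnectedAccount;          // hypothetical model
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Laravel\Socialite\Facades\Socialite;

class SocialLinkController extends Controller
{
    // Step 1: send the user to the provider. The default (stateful) driver
    // generates a random `state` value and stores it in the session.
    // Do not chain ->stateless() here or in callback(): it skips that check.
    public function redirect(string $provider)
    {
        return Socialite::driver($provider)->redirect();
    }

    // Step 2: provider callback. The stateful user() call rejects a
    // callback whose `state` does not match the session copy. The weak
    // pattern the advisory describes would link straight from here;
    // instead we stash the minimum needed and ask the user to confirm.
    public function callback(string $provider)
    {
        $socialUser = Socialite::driver($provider)->user();

        if (! Auth::check()) {
            abort(403, 'Sign in before linking a social account.');
        }

        session()->put('pending_social_link', [
            'provider'    => $provider,
            'provider_id' => $socialUser->getId(),
            'email'       => $socialUser->getEmail(),
            'nickname'    => $socialUser->getNickname(),
        ]);

        return redirect()->route('social.link.confirm');   // hypothetical route
    }

    // Step 3a: show the user exactly which provider account would be linked.
    public function showConfirm()
    {
        $pending = session('pending_social_link');
        abort_unless($pending, 404);

        return view('social.confirm-link', ['pending' => $pending]);   // hypothetical view
    }

    // Step 3b: link only on an explicit POST from the confirmation page.
    // POST routes carry Laravel's CSRF token, so a cross-site GET cannot
    // complete this step on the user's behalf.
    public function confirm(Request $request)
    {
        $pending = session()->pull('pending_social_link');
        abort_unless($pending, 404);

        // Refuse to silently re-home a provider account already linked elsewhere.
        $existing = ConnectedAccount::where('provider', $pending['provider'])
            ->where('provider_id', $pending['provider_id'])
            ->first();
        if ($existing && $existing->user_id !== $request->user()->id) {
            abort(409, 'This social account is already linked to another user.');
        }

        ConnectedAccount::updateOrCreate(
            ['provider' => $pending['provider'], 'provider_id' => $pending['provider_id']],
            ['user_id'  => $request->user()->id]
        );

        return redirect()->route('profile.show')->with('status', 'Social account linked.');
    }

    // Step 3c: discard the pending link request.
    public function deny()
    {
        session()->forget('pending_social_link');

        return redirect()->route('profile.show')->with('status', 'Link request denied.');
    }
}

// routes/web.php (hypothetical names), all inside Route::middleware('auth'):
// Route::get('/link/{provider}',          [SocialLinkController::class, 'redirect'])->name('social.link.redirect');
// Route::get('/link/{provider}/callback', [SocialLinkController::class, 'callback'])->name('social.link.callback');
// Route::get('/link/confirm',             [SocialLinkController::class, 'showConfirm'])->name('social.link.confirm');
// Route::post('/link/confirm',            [SocialLinkController::class, 'confirm'])->name('social.link.confirm.post');
// Route::post('/link/deny',               [SocialLinkController::class, 'deny'])->name('social.link.deny');
```

The pending link lives only in the server-side session and is consumed with `pull()` on confirmation, so each provider callback yields at most one linking decision; the conflict check in `confirm()` is an extra guard beyond what the advisory mentions, added so that confirming cannot move an already-linked provider account between users.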