A code injection attack happens when an attacker changes the value of an input or a parameter in a way that causes unexpected behavior in a website (such as a Login with Amazon client). A code injection attack is possible when a website does not validate incoming data before acting on it.
Login with Amazon client websites should validate data coming from the authorization service
, especially the
state parameter, before acting on it. Login with Amazon clients should also validate customer profile
data if they use it programmatically.