Need detail

Security review: unvalidated redirect in OAuth callback

Review the following code snippet for security vulnerabilities and suggest fixes. Code: ``` // OAuth callback handler app.get('/auth/callback', async (req, res) => { const { code, state, redirect_uri } = req.query; const token = await exchangeCode(code as string); // Redirect user back to where they came from res.redirect(redirect_uri as string); }); ``` Focus areas: open redirect vulnerability, unvalidated redirect_uri allows phishing via token theft Deliverable: 1. List each vulnerability found with severity (Critical/High/Medium/Low) 2. Explain the attack vector for each vulnerability 3. Provide a corrected code snippet with the fixes applied 4. Rate the overall security posture of the code (1-10) Format: Markdown with numbered vulnerability sections.