4 matches found

Snyk
added 2025/08/29 9:42 p.m., 2 views

Open Redirect

Overview: google_sign_in is a Sign in or up with Google for Rails applications. Affected versions of this package are vulnerable to Open Redirect via the proceed_to value in the session store when it is set to a protocol-relative URL. An attacker can redirect users to an unintended origin by submittin...

CVSS 4.2, AI score 6.8, EPSS 0.00211
Exploits 0, References 2

Cvelist
added 2025/08/29 9:5 p.m., 7 views

CVE-2025-58067 Basecamp's Google Sign-In for Rails allowed redirects to protocol-relative URI

Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.1, it is possible to redirect a user to another origin if the "proceed_to" value in the session store is set to a protocol-relative URL. Normally the value of this URL is only written and read by the library ...

CVSS 4.2, EPSS 0.00211
Exploits 0, References 4

OSV
added 2025/08/29 9:5 p.m., 5 views

CVE-2025-58067 Basecamp's Google Sign-In for Rails allowed redirects to protocol-relative URI

Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.1, it is possible to redirect a user to another origin if the "proceed_to" value in the session store is set to a protocol-relative URL. Normally the value of this URL is only written and read by the library ...

CVSS 4.2, AI score 6.3, EPSS 0.00211
Exploits 0, References 6

OSV
added 2025/08/29 8:7 p.m., 5 views

GHSA-5JCH-XHW4-R43V Google Sign-In for Rails allowed redirect to protocol-relative URI

Summary: It is possible to redirect a user to another origin if the "proceed_to" value in the session store is set to a protocol-relative URL. Details: The google_sign_in gem persists an optional URL for redirection after authentication. If this URL is set to a protocol-relative URL, it improperly...

CVSS 4.2, AI score 6.7, EPSS 0.00211
Exploits 0, References 7