2 matches found
Google Sign-In for Rails allowed redirect to protocol-relative URI
Summary It is possible to redirect a user to another origin if the "proceedto" value in the session store is set to a protocol-relative URL. Details The googlesignin gem persists an optional URL for redirection after authentication. If this URL is set to a protocol-relative URL, it improperly...
GHSA-7PWC-WH6M-44Q3 Google Sign-In for Rails allowed redirects to malformed URLs
Summary It is possible to craft a malformed URL that passes the "same origin" check, resulting in the user being redirected to another origin. Details The googlesignin gem persists an optional URL for redirection after authentication. If this URL is malformed, it's possible for the user to be...