Google Sign-In for Rails allowed redirects to malformed URLs
It is possible to craft a malformed URL that passes the "same origin" check, resulting in the user being redirected to another origin.
Advisories for Gem/Google_sign_in package
2025
It is possible to craft a malformed URL that passes the "same origin" check, resulting in the user being redirected to another origin.