Google Sign-In for Rails allowed redirect to protocol-relative URI
It is possible to redirect a user to another origin if the "proceed_to" value in the session store is set to a protocol-relative URL.
It is possible to craft a malformed URL that passes the "same origin" check, resulting in the user being redirected to another origin.
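The following added example is not the gem's own code. It contrasts a naive check that accepts a protocol-relative "proceed_to" value with a stricter same-origin check that also rejects malformed input. The method names, the ORIGIN constant and the sample values are hypothetical and constructed for illustration.

```ruby
require "uri"

ORIGIN = "https://app.example" # constructed application origin

# Naive check (hypothetical): any value starting with "/" is assumed local.
# It accepts "//other.example/x", which a browser resolves to another host.
def naive_same_origin?(target)
  target.start_with?("/")
end

# Stricter check: accept only an absolute path on this origin, or an
# absolute URL whose scheme, host and port all equal the application's.
def same_origin?(target, origin = ORIGIN)
  # Backslashes, spaces and control characters are rejected before parsing,
  # since clients may normalize them differently than the URI parser does.
  return false if target.nil? || target.match?(/[\\\x00-\x20]/)

  uri  = URI.parse(target)
  base = URI.parse(origin)
  if uri.scheme.nil? && uri.host.nil?
    # Path-only reference: one leading slash, never two.
    target.start_with?("/") && !target.start_with?("//")
  else
    # Protocol-relative values land here (host set, scheme nil) and fail.
    uri.scheme == base.scheme && uri.host == base.host && uri.port == base.port
  end
rescue URI::InvalidURIError
  false # malformed input is never a valid redirect target
end

# Returns the stored target only when it stays on the origin, else a fallback.
def safe_proceed_to(target, fallback = "/")
  same_origin?(target) ? target : fallback
end

# Constructed sample values for a stored "proceed_to" entry.
["/dashboard", "https://app.example/settings", "//other.example/x",
 "https://other.example/", "/\\other.example"].each do |t|
  puts format("%-32s naive=%-5s strict=%s", t.inspect,
              naive_same_origin?(t), same_origin?(t))
end
```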