Rschultheis

Rank: #20628 of 53,638
Total CVSS: 12.2
Vulnerabilities: 2 (Medium: 2)
PT-2019-19886 · CVSS 6.1 · 2019-03-15
Doorkeeper · Doorkeeper::Openidconnect · CVE-2019-9837
**Name of the Vulnerable Software and Affected Versions**
Doorkeeper::OpenidConnect versions 1.4.x through 1.5.3

**Description**
The gem has an open redirect via the `redirect_uri` field of an OAuth authorization request. When the request carries the `openid` scope together with `prompt=none` and ends in an error response, that error response is delivered to the unvalidated `redirect_uri`, so the user agent can be sent to an arbitrary site. This can be used for phishing attacks against the authorization flow.

**Recommendations**
For versions 1.4.x through 1.5.3, restrict the use of the `redirect_uri` field in OAuth authorization requests that combine the `openid` scope with `prompt=none`, so that error responses cannot be turned into open redirects. As a temporary workaround, restrict access to the authorization flow to reduce the risk of phishing until a patch is available.
PT-2018-16187 · CVSS 6.1 · 2018-07-05
Ruby · Ruby-Grape · CVE-2018-3769
**Name of the Vulnerable Software and Affected Versions**
ruby-grape (affected versions not specified)

**Description**
The ruby-grape Ruby gem contains a cross-site scripting (XSS) vulnerability: the value of the `format` parameter is reflected without adequate encoding, allowing injection of script content into the response.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.