PT-2025-34903 · Basecamp+1 · Google Sign In+1
Muntrive · Published 2025-08-27 · Updated 2025-08-28 · CVE-2025-57821
CVSS v3.1: 4.2 (Medium)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
Basecamp Google Sign-In versions prior to 1.3.0
Description:
A malformed URL can bypass the "same origin" check, potentially redirecting users to an unintended origin. This issue affects Rails applications using the library and storing flash information in a session cookie, which could be chained with an attack that allows arbitrary data injection into the session cookie.
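A fail-closed origin comparison for a post-login redirect target, as an added example; it is not the library's code or its 1.3.0 fix. The method name `same_origin_redirect?`, the requirement that the target be an absolute http(s) URL, and the sample URLs are assumptions made for illustration.

```ruby
require "uri"

# Added example: strict same-origin check for a redirect target.
# Hypothetical helper, not part of the google_sign_in gem.
def origin_of(uri)
  # URI::HTTP fills in the default port (80/443) when none is given.
  [uri.scheme.downcase, uri.host.downcase, uri.port]
end

def same_origin_redirect?(target, request_url)
  return false unless target.is_a?(String) && !target.empty?
  # Backslashes, whitespace and control characters are read differently
  # by browsers and by URI parsers, so refuse them outright.
  return false if target.match?(/[\\\s\x00-\x1f\x7f]/)

  base = URI.parse(request_url)
  dest = URI.parse(target)
  # Only absolute http(s) URLs with a host and no userinfo are accepted.
  return false unless dest.is_a?(URI::HTTP) && dest.host && !dest.host.empty?
  return false if dest.userinfo

  origin_of(dest) == origin_of(base)
rescue URI::Error
  false # anything the parser rejects is treated as a foreign origin
end

# Constructed sample inputs; app.example.com stands in for the application.
if __FILE__ == $0
  here = "https://app.example.com/login"
  [
    "https://app.example.com/dashboard",
    "https://app.example.com:443/dashboard",
    "//other.example/path",
    "https://app.example.com@other.example/",
    "https://app.example.com\\@other.example/",
    "http://app.example.com/dashboard"
  ].each do |t|
    puts format("%-45s %s", t.inspect, same_origin_redirect?(t, here) ? "allow" : "reject")
  end
end
```

A rejected target should fall back to a fixed in-application path rather than being redirected to.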
Recommendations:
Basecamp Google Sign-In versions prior to 1.3.0: Upgrade to version 1.3.0 or later.
Basecamp Google Sign-In versions prior to 1.3.0: If upgrading is not possible, explicitly set SameSite=Lax or SameSite=Strict on the application session cookie to mitigate the chained attack.
Exploit
Fix
Open Redirect
Affected Products
Google Sign In
Rails