PT-2025-35317 · Basecamp · Google Sign In

Muntrive · Published 2025-08-29 · Updated 2025-08-31 · CVE-2025-58067

CVSS v3.1: 4.2 (Medium)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Basecamp's google sign in gem, versions prior to 1.3.1

Description: The gem persists a URL for redirection after authentication. If this URL is set to a protocol-relative URL, it improperly passes the "same origin" check, potentially redirecting a user to another origin after authentication. This could result in exposure of authentication information if chained with other attacks that modify OAuth2 request parameters. Any Rails application using the gem may be vulnerable if this vector can be chained with another attack.

Recommendations: Update to version 1.3.1 or later.
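The following Ruby example is added here to illustrate the class of defect described above; it is constructed for this advisory and is not the gem's own code. It shows a hypothetical same-origin check that accepts any stored redirect target beginning with "/" (which a protocol-relative URL such as "//other-origin.example/cb" also satisfies), beside a hardened check that only accepts a path on the current origin. The function names and the fallback path are assumptions.

```ruby
require "uri"

# Hypothetical weak check (constructed, not the gem's code): it assumes that
# anything starting with "/" is a relative path on the current origin. A
# protocol-relative URL ("//host/path") also starts with "/" and passes,
# so the browser would be sent to another origin after authentication.
def weak_same_origin?(url)
  url.is_a?(String) && url.start_with?("/")
end

# Hardened check: accept only a URL the browser can interpret solely as a
# path on the current origin.
def safe_local_redirect?(url)
  return false unless url.is_a?(String) && url.start_with?("/")
  # "//host" is protocol-relative; browsers also normalise "/\host" to "//host"
  return false if url.start_with?("//", "/\\")
  parsed = URI.parse(url)
  # A genuine relative path parses with no scheme, host or userinfo
  parsed.scheme.nil? && parsed.host.nil? && parsed.userinfo.nil? &&
    parsed.path.start_with?("/")
rescue URI::InvalidURIError
  false
end

# Resolve the persisted post-authentication target, falling back to a
# known-local path (assumed "/") when the stored value fails the check.
def resolve_post_auth_redirect(stored_url, default_path = "/")
  safe_local_redirect?(stored_url) ? stored_url : default_path
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs
  ["/projects/1", "//other-origin.example/cb", "/\\other-origin.example/cb",
   "https://other-origin.example/"].each do |u|
    puts "#{u.inspect}: weak=#{weak_same_origin?(u)} safe=#{safe_local_redirect?(u)}"
  end
end
```

The hardened check does both a textual pre-filter (rejecting "//" and "/\") and a structural check via URI.parse, because either alone leaves room for encodings the other catches; the fallback in resolve_post_auth_redirect is what a Rails app should do when a persisted target is rejected rather than raising at the redirect step.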

Open Redirect

Weakness Enumeration

Related Identifiers: CVE-2025-58067, GHSA-5JCH-XHW4-R43V

Affected Products: Google Sign In