VYPR

Google Sign In

by Basecamp

Source repositories

CVEs (2)

  • CVE-2025-58067MedAug 29, 2025
    risk 0.20cvss 4.2epss 0.00

    Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.1, it is possible to redirect a user to another origin if the "proceed_to" value in the session store is set to a protocol-relative URL. Normally the value of this URL is only written and…

  • CVE-2025-57821MedAug 27, 2025
    risk 0.20cvss 4.2epss 0.00

    Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.0, it is possible to craft a malformed URL that passes the "same origin" check, resulting in the user being redirected to another origin. Rails applications configured to store the flash…