Updated advisory posts against rubysec/ruby-advisory-db@351d21d

jasnow · RubySec CI · commit ca8a7feb22c9 · 2025-08-28T21:43:12.000Z
diff --git a/advisories/_posts/2025-08-27-CVE-2025-57821.md b/advisories/_posts/2025-08-27-CVE-2025-57821.md
@@ -0,0 +1,63 @@
+---
+layout: advisory
+title: 'CVE-2025-57821 (google_sign_in): Google Sign-In for Rails allowed redirects
+  to malformed URLs'
+comments: false
+categories:
+- google_sign_in
+advisory:
+  gem: google_sign_in
+  cve: 2025-57821
+  ghsa: 7pwc-wh6m-44q3
+  url: https://github.com/basecamp/google_sign_in/security/advisories/GHSA-7pwc-wh6m-44q3
+  title: Google Sign-In for Rails allowed redirects to malformed URLs
+  date: 2025-08-27
+  description: |
+    ### Summary
+
+    It is possible to craft a malformed URL that passes the "same origin"
+    check, resulting in the user being redirected to another origin.
+
+    ### Details
+
+    The google_sign_in gem persists an optional URL for redirection after
+    authentication. If this URL is malformed, it's possible for the user
+    to be redirected to another origin after authentication, possibly
+    resulting in exposure of authentication information such as the token.
+
+    Normally the value of this URL is only written and read by the library.
+    If applications are configured to store session information in a
+    database, there is no known vector to exploit this vulnerability.
+    However, applications may be configured to store this information
+    in a session cookie, in which case it may be chained with a session
+    cookie attack to inject a crafted URL.
+
+    ### Impact
+
+    Rails applications configured to store the `flash` information in
+    a session cookie may be vulnerable, if this can be chained with an
+    attack that allows injection of arbitrary data into the session cookie.
+
+    ### Workarounds
+
+    If you are unable to upgrade this library, then you may mitigate
+    the chained attack by explicitly setting `SameSite=Lax` or
+    `SameSite=Strict` on the application session cookie.
+
+    ### Credits
+
+    This issue was responsibly reported by Hackerone user
+    [muntrive](https://hackerone.com/muntrive?type=user).
+  cvss_v3: 4.2
+  patched_versions:
+  - ">= 1.3.0"
+  related:
+    url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2025-57821
+    - https://github.com/basecamp/google_sign_in/security/advisories/GHSA-7pwc-wh6m-44q3
+    - https://github.com/basecamp/google_sign_in/releases/tag/v1.3.0
+    - https://github.com/basecamp/google_sign_in/commit/a0548a604fb17e4eb1a57029f0d87e34e8499623
+    - https://github.com/basecamp/google_sign_in/pull/73
+    - https://github.com/basecamp/google_sign_in/commit/85903651201257d4f14b97d4582e6d968ac32f15
+    - https://github.com/advisories/GHSA-7pwc-wh6m-44q3
+---
