Lookup for vulnerable packages by Package URL.

Purl pkg:gem/google_sign_in@0.1.4
Type gem
Namespace
Name google_sign_in
Version 0.1.4
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.3.1
Latest_non_vulnerable_version 1.3.1
Affected_by_vulnerabilities
0
url VCID-j8qu-1q3k-r3gp
vulnerability_id VCID-j8qu-1q3k-r3gp
summary Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.0, it is possible to craft a malformed URL that passes the "same origin" check, resulting in the user being redirected to another origin. Rails applications configured to store the flash information in a session cookie may be vulnerable if this can be chained with an attack that allows injection of arbitrary data into the session cookie. This issue has been patched in version 1.3.0. If upgrading is not possible at this time, the chained attack can be mitigated by explicitly setting SameSite=Lax or SameSite=Strict on the application session cookie.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-57821
reference_id
reference_type
scores
0
value 0.00059
scoring_system epss
scoring_elements 0.18629
published_at 2026-06-11T12:55:00Z
1
value 0.00059
scoring_system epss
scoring_elements 0.18792
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-57821
1
reference_url https://github.com/basecamp/google_sign_in
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/basecamp/google_sign_in
2
reference_url https://github.com/basecamp/google_sign_in/commit/a0548a604fb17e4eb1a57029f0d87e34e8499623
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/basecamp/google_sign_in/commit/a0548a604fb17e4eb1a57029f0d87e34e8499623
3
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/google_sign_in/CVE-2025-57821.yml
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/google_sign_in/CVE-2025-57821.yml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-57821
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-57821
5
reference_url https://github.com/basecamp/google_sign_in/pull/73
reference_id 73
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T18:52:45Z/
url https://github.com/basecamp/google_sign_in/pull/73
6
reference_url https://github.com/basecamp/google_sign_in/commit/85903651201257d4f14b97d4582e6d968ac32f15
reference_id 85903651201257d4f14b97d4582e6d968ac32f15
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T18:52:45Z/
url https://github.com/basecamp/google_sign_in/commit/85903651201257d4f14b97d4582e6d968ac32f15
7
reference_url https://github.com/advisories/GHSA-7pwc-wh6m-44q3
reference_id GHSA-7pwc-wh6m-44q3
reference_type
scores
url https://github.com/advisories/GHSA-7pwc-wh6m-44q3
8
reference_url https://github.com/basecamp/google_sign_in/security/advisories/GHSA-7pwc-wh6m-44q3
reference_id GHSA-7pwc-wh6m-44q3
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements
1
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T18:52:45Z/
url https://github.com/basecamp/google_sign_in/security/advisories/GHSA-7pwc-wh6m-44q3
9
reference_url https://github.com/basecamp/google_sign_in/releases/tag/v1.3.0
reference_id v1.3.0
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T18:52:45Z/
url https://github.com/basecamp/google_sign_in/releases/tag/v1.3.0
fixed_packages
0
url pkg:gem/google_sign_in@1.3.0
purl pkg:gem/google_sign_in@1.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sckd-vak1-bkam
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/google_sign_in@1.3.0
aliases CVE-2025-57821, GHSA-7pwc-wh6m-44q3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j8qu-1q3k-r3gp
1
url VCID-sckd-vak1-bkam
vulnerability_id VCID-sckd-vak1-bkam
summary Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.1, it is possible to redirect a user to another origin if the "proceed_to" value in the session store is set to a protocol-relative URL. Normally the value of this URL is only written and read by the library or the calling application. However, it may be possible to set this session value from a malicious site with a form submission. Any Rails application using the google_sign_in gem may be vulnerable if this vector can be chained with another attack that is able to modify the OAuth2 request parameters. This issue has been patched in version 1.3.1. There are no workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-58067
reference_id
reference_type
scores
0
value 0.00059
scoring_system epss
scoring_elements 0.18629
published_at 2026-06-11T12:55:00Z
1
value 0.00059
scoring_system epss
scoring_elements 0.18792
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-58067
1
reference_url https://github.com/basecamp/google_sign_in
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/basecamp/google_sign_in
2
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/google_sign_in/CVE-2025-58067.yml
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/google_sign_in/CVE-2025-58067.yml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-58067
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-58067
4
reference_url https://github.com/basecamp/google_sign_in/pull/75
reference_id 75
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:52:36Z/
url https://github.com/basecamp/google_sign_in/pull/75
5
reference_url https://github.com/basecamp/google_sign_in/commit/e97aef4626b1bcbd2c6f01f7dd25f12ac855d4cc
reference_id e97aef4626b1bcbd2c6f01f7dd25f12ac855d4cc
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:52:36Z/
url https://github.com/basecamp/google_sign_in/commit/e97aef4626b1bcbd2c6f01f7dd25f12ac855d4cc
6
reference_url https://github.com/advisories/GHSA-5jch-xhw4-r43v
reference_id GHSA-5jch-xhw4-r43v
reference_type
scores
url https://github.com/advisories/GHSA-5jch-xhw4-r43v
7
reference_url https://github.com/basecamp/google_sign_in/security/advisories/GHSA-5jch-xhw4-r43v
reference_id GHSA-5jch-xhw4-r43v
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements
1
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:52:36Z/
url https://github.com/basecamp/google_sign_in/security/advisories/GHSA-5jch-xhw4-r43v
8
reference_url https://github.com/basecamp/google_sign_in/releases/tag/v1.3.1
reference_id v1.3.1
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:52:36Z/
url https://github.com/basecamp/google_sign_in/releases/tag/v1.3.1
fixed_packages
0
url pkg:gem/google_sign_in@1.3.1
purl pkg:gem/google_sign_in@1.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/google_sign_in@1.3.1
aliases CVE-2025-58067, GHSA-5jch-xhw4-r43v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sckd-vak1-bkam
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/google_sign_in@0.1.4