CVE-2025-55750: Gitpod Frag Leak Open Redirect
An unvalidated 'returnTo' parameter is captured from the request and embedded into a signed JWT used for OAuth flow state. If the application redirects to this embedded URL without validation, it is vulnerable to an Open Redirect. Furthermore, if the framework does not append a fragment separator ('#') to outgoing redirects, sensitive tokens from the OAuth c
TSgreprules fetch cve-2025-55750-gitpod-frag-leak-open-redirect --engine opengrepDescription
An unvalidated 'returnTo' parameter is captured from the request and embedded into a signed JWT used for OAuth flow state. If the application redirects to this embedded URL without validation, it is vulnerable to an Open Redirect. Furthermore, if the framework does not append a fragment separator ('#') to outgoing redirects, sensitive tokens from the OAuth c
Community feedback
0 signals from signed-in users.
- Useful
- 0
- False positive
- 0
- Metadata
- 0