@homakov discovered that Referer headers could be leaked through cross-origin image requests. In combination with a previously reported vulnerability in our OAuth redirect URI path parsing, this could lead to the disclosure of sensitive information passed to Gist on OAuth redirects. We remediated this issue by making more robust checks when rewriting links to our image proxy. In addition, the rel attribute is set to noreferrer on all links in a Gist. Previously, this was set only for Gists marked as private.
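The two mitigations named above (validating an image URL strictly before rewriting it to point at the image proxy, and putting rel="noreferrer" on every anchor rather than only on private Gists) can be expressed as a small HTML post-processing pass. The following is an added example, not GitHub's or Gist's own code: it uses only the Python standard library, the proxy prefix IMAGE_PROXY is a hypothetical placeholder, and the sample HTML is constructed for illustration.

```python
"""Added example (not Gist's code): rewrite rendered HTML so that every
link carries rel="noreferrer" and image URLs are only routed through the
proxy when they pass strict validation.  With a proxy in front of every
<img>, the origin image host sees the proxy's request rather than a
browser request that carries the Gist page URL in its Referer header."""
from html import escape
from html.parser import HTMLParser
from urllib.parse import quote, urlsplit

# Hypothetical proxy prefix; a real deployment would use its own host.
IMAGE_PROXY = "https://camo.example.invalid/"


def proxied_image_url(src):
    """Return the proxied form of src, or None if the URL must be dropped.

    Only absolute http(s) URLs with a hostname and no embedded credentials
    are accepted.  Relative paths, scheme-relative URLs (//host/...),
    data:, javascript: and anything urlsplit cannot parse are rejected, so
    the rewriter never emits a same-origin or odd-scheme image load."""
    try:
        parts = urlsplit(src.strip())
    except ValueError:  # e.g. malformed IPv6 literal
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    if parts.username or parts.password:
        return None
    # Percent-encode the whole original URL so it travels as a single
    # opaque path component and cannot alter the proxy's own URL.
    return IMAGE_PROXY + quote(parts.geturl(), safe="")


def with_noreferrer(rel_value):
    """Add the noreferrer token to an existing rel value (idempotent)."""
    tokens = (rel_value or "").split()
    if "noreferrer" not in tokens:
        tokens.append("noreferrer")
    return " ".join(tokens)


class NoReferrerRewriter(HTMLParser):
    """Stream the document back out, rewriting <a> and <img> on the way."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def _emit_tag(self, tag, attrs, selfclosing):
        if tag == "a":
            names = [k for k, _ in attrs]
            attrs = [(k, with_noreferrer(v) if k == "rel" else v)
                     for k, v in attrs]
            if "rel" not in names:
                attrs.append(("rel", "noreferrer"))
        elif tag == "img":
            kept = []
            for k, v in attrs:
                if k == "src":
                    v = proxied_image_url(v or "")
                    if v is None:
                        continue  # drop the src attribute entirely
                kept.append((k, v))
            attrs = kept
        pieces = [tag]
        for k, v in attrs:
            pieces.append(k if v is None else f'{k}="{escape(v, quote=True)}"')
        self.out.append("<" + " ".join(pieces) + (" />" if selfclosing else ">"))

    def handle_starttag(self, tag, attrs):
        self._emit_tag(tag, attrs, False)

    def handle_startendtag(self, tag, attrs):
        self._emit_tag(tag, attrs, True)

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data))


def rewrite_gist_html(html):
    """Rewrite one rendered fragment; returns the hardened HTML string."""
    parser = NoReferrerRewriter()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed sample input for illustration.
    sample = ('<a href="https://x.example/">x</a>'
              '<img src="javascript:alert(1)">'
              '<img src="http://img.example/a.png" alt="">')
    print(rewrite_gist_html(sample))
```

The rewriter is deliberately allow-list based: an image URL that fails any check loses its src rather than being passed through, and an existing rel value keeps its other tokens. Serving the page with a Referrer-Policy: no-referrer response header is a complementary, browser-enforced control that covers navigations and sub-resource loads the rewriter does not see.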

This vulnerability has received extra points due to its severity when combined with other reported vulnerabilities.