@avlidienbrunn discovered a flaw in our parsing of URLs used for redirection when processing an OAuth authorization request. An attacker could have exploited this flaw on a limited number of OAuth applications to redirect users from GitHub.com to another site and gain access to an OAuth application as another user.

An OAuth application was only vulnerable to this flaw if it was hosted on a third-party provider that allows customers to map arbitrary domain names to their hosting service. For example, let us say that an OAuth application is configured on https://YourOauthApp.com and it has a CNAME record that maps this domain to a hosting provider. If the hosting provider supports it, an attacker could register https://YourOauthApp.com.. on the same provider, and GitHub would have considered it a valid OAuth redirection URL. We have addressed this issue by improving our redirect URL checking.
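As an added illustration of what strict redirect URL checking looks like (example code written for this page, not GitHub's own implementation), the following Python validator canonicalises a candidate redirect URI and requires an exact match against a registered list, rejecting the trailing-dot host variant described above; the names `REGISTERED`, `canonical_redirect`, `is_allowed_redirect` and `loose_prefix_check` are assumptions, and the registered URI is constructed sample data.

```python
import re
from urllib.parse import urlsplit

# Registered redirect URIs for a hypothetical OAuth app (constructed sample data,
# not a real GitHub application).
REGISTERED = ["https://YourOauthApp.com/callback"]

# A hostname is one or more non-empty DNS labels joined by single dots, so a host
# such as "YourOauthApp.com.." (empty trailing labels) never matches.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_HOSTNAME_RE = re.compile(rf"^{_LABEL}(?:\.{_LABEL})*$")


def canonical_redirect(uri):
    """Parse uri into (scheme, host, port, path, query), or return None if it is
    not an acceptable HTTPS redirect target (bad host, userinfo, fragment, bad port)."""
    parts = urlsplit(uri)
    try:
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    host = parts.hostname or ""  # urlsplit lowercases the host for us
    if parts.scheme != "https" or parts.username or parts.password or parts.fragment:
        return None
    if not _HOSTNAME_RE.match(host):
        return None
    return ("https", host, port or 443, parts.path or "/", parts.query)


def is_allowed_redirect(candidate, registered):
    """Strict check: the candidate must canonicalise to exactly one of the
    registered redirect URIs. No prefix, suffix or substring matching."""
    canon = canonical_redirect(candidate)
    if canon is None:
        return False
    return any(canon == canonical_redirect(r) for r in registered)


def loose_prefix_check(candidate, registered):
    """Hypothetical weak check, shown for contrast only (not GitHub's code): accept
    the candidate if its host merely starts with a registered host. A comparison
    of this kind is what lets "YourOauthApp.com.." through."""
    host = urlsplit(candidate).hostname or ""
    return any(host.startswith(urlsplit(r).hostname or "") for r in registered)
```

Comparing the canonical tuple rather than the raw string also catches scheme downgrades, userinfo tricks and fragments, which a simple string-prefix comparison does not.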