OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0.

OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentica ...

The pattern '/\domain.com' is not disallowed when redirecting, allowing for open redirect