libapache2-mod-auth-openidc is vulnerable to an open redirect. When provided with a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check for URLs that start with /\t, leading to an open redirect.
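The following check is an added example, not code from mod_auth_openidc or its fix. It shows why a leading slash followed by a tab matters: browsers remove tab and newline characters while parsing a URL, so such a value is read as a scheme-relative URL naming another host. The function name is_safe_local_redirect, the policy of accepting only same-site absolute paths, and the example.org inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical helper (not from mod_auth_openidc): returns 1 only when
 * `url` is a same-site absolute path that a browser cannot reinterpret
 * as a reference to another host. */
static int is_safe_local_redirect(const char *url)
{
    if (url == NULL || url[0] != '/')
        return 0;                       /* only absolute paths are accepted */

    for (const unsigned char *p = (const unsigned char *)url; *p; p++) {
        /* Browsers drop tab/CR/LF while parsing, so "/\t/host" is read as
         * "//host". Reject every control character instead of stripping. */
        if (*p < 0x20 || *p == 0x7f)
            return 0;
        /* Browsers treat '\' like '/' in http(s) URLs. */
        if (*p == '\\')
            return 0;
    }

    /* "//host" is a scheme-relative URL pointing at another authority. */
    if (url[1] == '/')
        return 0;

    return 1;
}

int main(void)
{
    /* Constructed sample inputs; example.org is a placeholder host. */
    const char *samples[] = {
        "/app/logged-out", "/\t/example.org", "//example.org",
        "/\\example.org", "https://example.org/",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("sample %zu -> %d\n", i, is_safe_local_redirect(samples[i]));
    return 0;
}
```

Rejecting the value outright, instead of stripping the offending characters and continuing, keeps the server's view of the URL identical to what the browser will act on.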