Improper Host Detection During Team Up on tweetdeck.twitter.com
## Vulnerability Details
Hi
Give this URL ```https://twitter.com/teams/authorize?target_screen_name=&authorize_callback=https%3A%2F%2F%0Agoogle.com%5C@x.twitter.com``` to any authorised user for Team Up, and after authorizing his 2nd account he will be redirected to ```google.com```.
First I tried to make it malicious by adding ```%0Agoogle.com%5C@x```, but it did not redirect me; after adding ```.twitter.com``` to it (```%0Agoogle.com%5C@x.twitter.com```), it redirected me to google.com, which shows that this endpoint's URL isn't properly validating the host after login.
Vulnerable URL: ```https://twitter.com/teams/authorize?target_screen_name=&authorize_callback=https%3A%2F%2F%0Agoogle.com%5C@x.twitter.com```
Malicious point: ```%0Agoogle.com%5C@x.twitter.com```
PoC video attached
With Best Regards
## Impact
Impact: An attacker can use this to trick users into phishing attacks.
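The following is an added example, not code from the report or from Twitter. It reproduces the parser differential the report describes: a naive server-side host check (hypothetical; the report does not show Twitter's actual validator) accepts the callback because the text after the last `@` ends in `.twitter.com`, while a browser, following the WHATWG URL parser, strips the `%0A` newline and treats the `%5C` backslash as a path separator, so the host it navigates to is `google.com`. The `ALLOWED_HOSTS` allow-list in the hardened check is an assumption for illustration.

```javascript
// Added example (not from the report or from Twitter): why the reported
// authorize_callback value passes a naive host check but lands on google.com.

// The callback value exactly as it appears in the report, still percent-encoded.
// %0A is a newline, %5C is a backslash.
const REPORTED_CALLBACK = "https%3A%2F%2F%0Agoogle.com%5C@x.twitter.com";

// Hypothetical naive validator of the kind the report implies: grab the
// authority with a regex, treat everything before "@" as userinfo, and accept
// any host under twitter.com. Newline and backslash mean nothing to it.
function naiveHost(callback) {
  const decoded = decodeURIComponent(callback);
  const m = /^https?:\/\/(?:[^@\/]*@)?([^\/?#]+)/.exec(decoded);
  return m ? m[1] : null;
}

function naiveIsAllowed(callback) {
  const host = naiveHost(callback);
  return host !== null && (host === "twitter.com" || host.endsWith(".twitter.com"));
}

// What a browser does with the same string. The WHATWG parser removes ASCII
// tab/newline from the input and, for special schemes such as https, treats
// "\" like "/", so the authority ends at the backslash and "@x.twitter.com"
// becomes the path. Node's global URL class is a WHATWG parser.
function browserHost(callback) {
  return new URL(decodeURIComponent(callback)).hostname;
}

// Hardened check: reject control characters and backslashes in the raw value,
// parse with the same parser the browser uses, require https with no
// credentials, compare the hostname against an exact allow-list, and return
// the canonicalised href rather than the caller's original string.
const ALLOWED_HOSTS = new Set(["twitter.com", "tweetdeck.twitter.com"]); // assumed

function safeCallback(callback) {
  let decoded;
  try { decoded = decodeURIComponent(callback); } catch (e) { return null; }
  if (/[\u0000-\u001f\u007f\\]/.test(decoded)) return null;
  let url;
  try { url = new URL(decoded); } catch (e) { return null; }
  if (url.protocol !== "https:") return null;
  if (url.username !== "" || url.password !== "") return null;
  if (!ALLOWED_HOSTS.has(url.hostname)) return null;
  return url.href;
}

// Side-by-side view of the differential for the reported value.
console.log("naive host    :", JSON.stringify(naiveHost(REPORTED_CALLBACK)));
console.log("naive allowed :", naiveIsAllowed(REPORTED_CALLBACK));
console.log("browser host  :", browserHost(REPORTED_CALLBACK));
console.log("safe callback :", safeCallback(REPORTED_CALLBACK));
```

The intermediate payload from the report, `%0Agoogle.com%5C@x`, fails even the naive check because the text after `@` is just `x`, which matches the reporter's observation that it did not redirect; appending `.twitter.com` is what satisfies the suffix match. The hardened version refuses the value before parsing, and for a legitimate callback returns the parsed `href`, so the redirect target is always something the same parser has already agreed on.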
## Report Stats
- Report ID: 294867
- State: Closed
- Substate: resolved
- Upvotes: 19