Lucene search
Veracode Vulnerability DatabaseVERACODE:35355HistoryMay 04, 2022 - 10:25 a.m.
Token Validation Bypass
2022-05-0410:25:09
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
16
0.001 Low
EPSS
Percentile
23.8%
Google OAuth Client is vulnerable to token validation bypass. The function IdTokenVerifier validate any token with custom payload as valid token if the token is properly signed.
| CPE | Name | Operator | Version |
|---|---|---|---|
| google oauth client library for java | le | 1.33.2 | |
| google oauth client library for java | le | 1.33.2 |
Related
nvd
nvd
CVE-2021-22573
2022-05-03 16:15:18
cvelist
cvelist
CVE-2021-22573 Incorrect signature verification on Google-oauth-java-client
2022-05-03 15:45:12
redhat
redhat
ibm
ibm
Security Bulletin: Google OAuth Client Library for Java as used by IBM QRadar SIEM is vulnerable to verification bypass (CVE-2021-22573)
2023-06-29 15:05:06
prion
prion
Input validation
2022-05-03 16:15:00
nessus
nessus
openSUSE 15 Security Update : google-oauth-java-client (SUSE-SU-2024:0806-1)
2024-03-08 00:00:00
debiancve
debiancve
CVE-2021-22573
2022-05-03 16:15:18
thn
thn
High-Severity Bug Reported in Google's OAuth Client Library for Java
2022-05-19 10:05:00
osv
osv
Improper Verification of Cryptographic Signature in google-oauth-java-client
2022-05-04 00:00:22
CVE-2021-22573
2022-05-03 16:15:18
google-oauth-java-client improperly verifies cryptographic signature
2024-04-09 15:11:24
ubuntucve
ubuntucve
CVE-2021-22573
2022-05-03 00:00:00
redhatcve
redhatcve
CVE-2021-22573
2022-05-04 22:57:15
cve
cve
CVE-2021-22573
2022-05-03 16:15:18
github
github
google-oauth-java-client improperly verifies cryptographic signature
2024-04-09 15:11:24