Google OAuth Client is vulnerable to token validation bypass. The function IdTokenVerifier validate any token with custom payload as valid token if the token is properly signed.
CPE | Name | Operator | Version |
---|---|---|---|
google oauth client library for java | le | 1.33.2 | |
google oauth client library for java | le | 1.33.2 |