4 matches found
GHSA-HW42-3568-WJ87 google-oauth-java-client improperly verifies cryptographic signature
Summary: The vulnerability impacts only users of the IdTokenVerifier class. The verify method in IdTokenVerifier does not validate the signature before verifying the claims (e.g., iss, aud). Signature verification makes sure that the token's payload comes from a valid provider, not from someone...
google-oauth-client: Token signature not verified
A flaw was found in Google OAuth Java client's IDToken verifier, where it does not verify if the token is properly signed. This issue could allow an attacker to provide a compromised token with a custom payload that will pass the validation on the client side, allowing access to information outsi...
The vulnerability of the IDToken verifier in the client-side Java OAuth library allows a perpetrator to load arbitrary files.
The vulnerability of the IDToken verifier in the client Java OAuth library is related to improper verification of the cryptographic signature. Exploiting this vulnerability could allow a malicious actor to download arbitrary files remotely...
google-oauth-client: Token signature not verified
A flaw was found in Google OAuth Java client's IDToken verifier, where it does not verify if the token is properly signed. This issue could allow an attacker to provide a compromised token with a custom payload that will pass the validation on the client side, allowing access to information outsi...