14 matches found
CVE-2026-46455
Insufficient Session Expiration vulnerability in Apache Camel Keycloak Component. The camel-keycloak security helper KeycloakSecurityHelper.parseAndVerifyAccessToken builds a Keycloak TokenVerifier using withChecks... with only the subject-exists check and the realm-URL issuer check. Keycloak's...
CVE-2026-46455
Insufficient Session Expiration vulnerability in Apache Camel Keycloak Component. The camel-keycloak security helper KeycloakSecurityHelper.parseAndVerifyAccessToken builds a Keycloak TokenVerifier using withChecks... with only the subject-exists check and the realm-URL issuer check. Keycloak's...
CVE-2026-46455
CVE-2026-46455 affects Apache Camel with the camel-keycloak component. The security helper KeycloakSecurityHelper.parseAndVerifyAccessToken builds a Keycloak TokenVerifier using withChecks(...) that only enforces subject and issuer, but omits the default IS_ACTIVE check. Consequently, the verifie...
CVE-2026-46455 Apache Camel: Camel-Keycloak: The access-token validity window is not verified because the IS_ACTIVE check is missing from the TokenVerifier, allowing expired tokens to be accepted
Insufficient Session Expiration vulnerability in Apache Camel Keycloak Component. The camel-keycloak security helper KeycloakSecurityHelper.parseAndVerifyAccessToken builds a Keycloak TokenVerifier using withChecks... with only the subject-exists check and the realm-URL issuer check. Keycloak's...
EUVD-2025-37118
Malicious code in epic-offline-token-verifier-node npm...
MAL-2025-49175 Malicious code in epic-offline-token-verifier-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d755e02a54f806e25e06d5d8ba4fd6ade573af32d55fbabf9180d2967448a446 The package epic-offline-token-verifier-node was found to contain malicious code...
Malicious code in epic-offline-token-verifier-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d755e02a54f806e25e06d5d8ba4fd6ade573af32d55fbabf9180d2967448a446 The package epic-offline-token-verifier-node was found to contain malicious code...
GHSA-HW42-3568-WJ87 google-oauth-java-client improperly verifies cryptographic signature
Summary The vulnerability impacts only users of the IdTokenVerifier class. The verify method in IdTokenVerifier does not validate the signature before verifying the claims e.g., iss, aud, etc.. Signature verification makes sure that the token's payload comes from valid provider, not from someone...
google-oauth-client: Token signature not verified
A flaw was found in Google OAuth Java client's IDToken verifier, where it does not verify if the token is properly signed. This issue could allow an attacker to provide a compromised token with a custom payload that will pass the validation on the client side, allowing access to information outsi...
The vulnerability of the IDToken verifier in the client-side Java OAuth library allows a perpetrator to load arbitrary files.
The vulnerability of the IDToken verifier in the client Java OAuth library is related to improper verification of the cryptographic signature. Exploiting this vulnerability could allow a malicious actor to download arbitrary files remotely...
google-oauth-client: Token signature not verified
A flaw was found in Google OAuth Java client's IDToken verifier, where it does not verify if the token is properly signed. This issue could allow an attacker to provide a compromised token with a custom payload that will pass the validation on the client side, allowing access to information outsi...
@solid/community-server (=0.4.1) potentially affected by unknown CVE via @solid/identity-token-verifier (=0.4.3)
@solid/identity-token-verifier NPM version =0.4.3 is affected by a known vulnerability. The following packages have a transitive dependency on @solid/identity-token-verifier and may be impacted: - @solid/community-server =0.4.1 Source cves: unknown CVE Source advisory: OSV:GHSA-XMH9-RG6F-J3MR...
GHSA-XMH9-RG6F-J3MR Verification flaw in Solid identity-token-verifier
Impact Severity Any Pod on a Solid server using a vulnerable version of the identity-token-verifier library is at risk of a spoofed Demonstration of Proof-of-Possession DPoP token binding. This vulnerability could give total and complete access to a targeted Pod. Summary A verification flaw in th...
Verification flaw in Solid identity-token-verifier
Impact Severity Any Pod on a Solid server using a vulnerable version of the identity-token-verifier library is at risk of a spoofed Demonstration of Proof-of-Possession DPoP token binding. This vulnerability could give total and complete access to a targeted Pod. Summary A verification flaw in th...