16 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: google-oauth-java-client (UTSA-2026-021491)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021491 advisory. PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorizatio...
OESA-2025-2432 google-oauth-java-client security update
Written by Google, the Google OAuth Client Library for Java is a powerful and easy-to-use Java library for the OAuth 1.0a and OAuth 2.0 authorization standards. The Google OAuth Client Library for Java is designed to work with any OAuth service on the web, not just with Google APIs. It is built o...
google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...
Security Bulletin: There is a vulnerability in google-oauth-client-1.25.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2020-7692 and CVE-2021-22573)
Summary: There is a vulnerability in google-oauth-client-1.25.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: CVEID: CVE-2020-7692. DESCRIPTION: Google APIs google-oauth-java-client could allow a remote attacker to bypass security restrictions, caus...
Security Bulletin: There is a vulnerability in google-oauth-client-1.25.0.jar used by IBM Maximo Asset Management application (CVE-2020-7692 and CVE-2021-22573)
Summary: Security Bulletin: There is a vulnerability in google-oauth-client-1.25.0.jar used by IBM Maximo Asset Management application (CVE-2020-7692 and CVE-2021-22573). Vulnerability Details: CVEID: CVE-2020-7692. DESCRIPTION: Google APIs google-oauth-java-client could allow a remote attacker to bypas...
Security Bulletin: A security vulnerability has been identified in Google OAuth Client shipped with IBM Tivoli Netcool Impact (CVE-2021-22573)
Summary: Google OAuth Client is shipped with IBM Tivoli Netcool Impact. Information about a security vulnerability affecting Google OAuth Client has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2021-22573. DESCRIPTION: Google OAuth Client Library for Java could allow a...
GHSA-XH97-72WW-2W58 Duplicate Advisory: Improper Verification of Cryptographic Signature in google-oauth-java-client
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-hw42-3568-wj87. This link is maintained to preserve external references. Summary: The vulnerability impacts only users of the IdTokenVerifier class. The verify method in IdTokenVerifier does not validate the...
ai.deepsense:seahorse-executor-deeplang_2.11 (>=1.4.2 <=1.4.3), ai.h2o:h2o-persist-gcs (>=3.20.0.1 <=3.32.1.5) +1916 more potentially affected by CVE-2020-7692 via com.google.oauth-client:google-oauth-client (>=1.10.0-beta <=1.30.6)
com.google.oauth-client:google-oauth-client MAVEN version =1.10.0-beta, =1.4.2, =3.20.0.1, =2.1.44, =3.30.0.5-1-3.0, =2.1.44, =3.30.0.5-1-3.0, =2.1.44, =3.30.0.5-1-3.0, =2.1.44, =0.1.2, =19.9.0, =19.9.0, =19.9.0, =19.9.1, =19.9.0, =20.3.2-2 and more Source cves: CVE-2020-7692 Source advisory:...
GHSA-F263-C949-W85G Improper Authorization in Google OAuth Client
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...
CVE-2020-7692
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...
CVE-2020-7692
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...
CVE-2020-7692
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...
DEBIAN-CVE-2020-7692
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...
CVE-2020-7692
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...
CVE-2020-7692 Improper Authorization
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...
ai.deepsense:seahorse-executor-deeplang_2.11 (>=1.4.2 <=1.4.3), ai.h2o:h2o-persist-gcs (>=3.20.0.1 <=3.32.1.5) +1916 more potentially affected by CVE-2020-7692 via com.google.oauth-client:google-oauth-client (>=1.10.0-beta <=1.30.6)
com.google.oauth-client:google-oauth-client MAVEN version =1.10.0-beta, =1.4.2, =3.20.0.1, =2.1.44, =3.30.0.5-1-3.0, =2.1.44, =3.30.0.5-1-3.0, =2.1.44, =3.30.0.5-1-3.0, =2.1.44, =0.1.2, =19.9.0, =19.9.0, =19.9.0, =19.9.1, =19.9.0, =20.3.2-2 and more Source cves: CVE-2020-7692 Source advisory:...