26 matches found

Tenable Nessus
added 2026/05/18 12:0 a.m. | 5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: google-oauth-java-client (UTSA-2026-021491)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021491 advisory. PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorizatio...

CVSS 9.1 | AI score 7.2 | EPSS 0.00091
Exploits: 1 | References: 4

OSV
added 2025/10/17 2:54 p.m. | 1 view

OESA-2025-2432 google-oauth-java-client security update

Written by Google, the Google OAuth Client Library for Java is a powerful and easy-to-use Java library for the OAuth 1.0a and OAuth 2.0 authorization standards. The Google OAuth Client Library for Java is designed to work with any OAuth service on the web, not just with Google APIs. It is built o...

CVSS 8.7 | AI score 6.9 | EPSS 0.00055
Exploits: 0 | References: 2

IBM Security Bulletins
added 2024/09/05 6:7 p.m. | 32 views

Security Bulletin: Vulnerability in Google OAuth Client Library affects watsonx.data

Summary Google OAuth Client Library for Java could allow a remote attacker to bypass security restrictions, caused by improper verification of token signatures. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass verification on the client side or to gai...

CVSS 9.1 | AI score 8.1 | EPSS 0.00091
Exploits: 1 | Affected Software: 1

RedHat Linux
added 2024/02/12 10:38 a.m. | 1 view

google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization

PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...

CVSS 9.1 | AI score 5.9 | EPSS 0.00091
Exploits: 1 | References: 4

IBM Security Bulletins
added 2024/01/15 5:26 p.m. | 30 views

Security Bulletin: There is a vulnerability in google-oauth-client-1.25.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2020-7692 and CVE-2021-22573)

Summary There is a vulnerability in google-oauth-client-1.25.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2020-7692 DESCRIPTION: Google APIs google-oauth-java-client could allow a remote attacker to bypass security restrictions, caus...

CVSS 9.1 | AI score 8 | EPSS 0.00091
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/01/15 5:26 p.m. | 29 views

Security Bulletin: There is a vulnerability in google-oauth-client-1.25.0.jar used by IBM Maximo Asset Management application (CVE-2020-7692 and CVE-2021-22573)

Summary Security Bulletin: There is a vulnerability in google-oauth-client-1.25.0.jar used by IBM Maximo Asset Management application CVE-2020-7692 and CVE-2021-22573 Vulnerability Details CVEID:CVE-2020-7692 DESCRIPTION: Google APIs google-oauth-java-client could allow a remote attacker to bypas...

CVSS 9.1 | AI score 7.9 | EPSS 0.00091
Exploits: 1 | Affected Software: 1

RedHat Linux
added 2023/10/30 11:24 a.m. | 3 views

google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization

PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...

CVSS 9.1 | AI score 5.9 | EPSS 0.00091
Exploits: 1 | References: 4

IBM Security Bulletins
added 2023/06/29 3:5 p.m. | 40 views

Security Bulletin: Google OAuth Client Library for Java as used by IBM QRadar SIEM is vulnerable to verification bypass (CVE-2021-22573)

Summary Google OAuth Client Library for Java as used by IBM QRadar SIEM is vulnerable to verification bypass. IBM QRadar SIEM has addressed the applicable vulnerability. Vulnerability Details CVEID:CVE-2021-22573 DESCRIPTION: Google OAuth Client Library for Java could allow a remote attacker to...

CVSS 8.7 | AI score 7.6 | EPSS 0.00055
Exploits: 0 | Affected Software: 1

RedHat Linux
added 2022/07/07 2:19 p.m. | 164 views

Important: Red Hat Security Advisory: Red Hat Fuse 7.11.0 release and security update

A minor version update from 7.10 to 7.11 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scorin...

CVSS 10 | AI score 7.1 | EPSS 0.93464
Exploits: 48 | References: 61

IBM Security Bulletins
added 2022/07/06 4:33 a.m. | 39 views

Security Bulletin: A security vulnerability has been identified in Google OAuth Client shipped with IBM Tivoli Netcool Impact (CVE-2021-22573)

Summary Google OAuth Client is shipped with IBM Tivoli Netcool Impact. Information about a security vulnerability affecting Google OAuth Client has been published in a security bulletin. Vulnerability Details CVEID: CVE-2021-22573 DESCRIPTION: Google OAuth Client Library for Java could allow a...

CVSS 8.7 | AI score 0.5 | EPSS 0.00055
Exploits: 0 | Affected Software: 1

RedHat Linux
added 2022/06/14 2:46 p.m. | 47 views

Important: Red Hat Security Advisory: Red Hat Fuse Online 7.10.2.P1 security update

A patch update from 7.10.1 to 7.10.2.P1 is now available for Red Hat Fuse Online. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

CVSS 9.3 | AI score 7.2 | EPSS 0.01666
Exploits: 1 | References: 3

RedHat Linux
added 2022/06/07 1:52 p.m. | 45 views

Important: Red Hat Security Advisory: Red Hat Fuse 7.10.2.P1 security update

A patch update from 7.10.2 to 7.10.2.P1 is now available for Red Hat on OpenShift for EAP, Karaf, and Spring Boot. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of...

CVSS 8.7 | AI score 7.1 | EPSS 0.00055
Exploits: 0 | References: 3

OSV
added 2022/05/04 12:0 a.m. | 0 views

GHSA-XH97-72WW-2W58 Duplicate Advisory: Improper Verification of Cryptographic Signature in google-oauth-java-client

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hw42-3568-wj87. This link is maintained to preserve external references. Summary The vulnerability impacts only users of the IdTokenVerifier class. The verify method in IdTokenVerifier does not validate the...

CVSS 7.3 | AI score 7 | EPSS 0.00055
Exploits: 0 | References: 4

vulnersOsv
added 2021/09/28 4:16 p.m. | 1 view

ai.deepsense:seahorse-executor-deeplang_2.11 (>=1.4.2 <=1.4.3), ai.h2o:h2o-persist-gcs (>=3.20.0.1 <=3.32.1.5) +1916 more potentially affected by CVE-2020-7692 via com.google.oauth-client:google-oauth-client (>=1.10.0-beta <=1.30.6)

com.google.oauth-client:google-oauth-client MAVEN version =1.10.0-beta, =1.4.2, =3.20.0.1, =2.1.44, =3.30.0.5-1-3.0, =2.1.44, =3.30.0.5-1-3.0, =2.1.44, =3.30.0.5-1-3.0, =2.1.44, =0.1.2, =19.9.0, =19.9.0, =19.9.0, =19.9.1, =19.9.0, =20.3.2-2 and more Source cves: CVE-2020-7692 Source advisory:...

CVSS 9.1 | AI score 7.1 | EPSS 0.00091
Exploits: 1

OSV
added 2021/09/28 4:16 p.m. | 21 views

GHSA-F263-C949-W85G Improper Authorization in Google OAuth Client

PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...

CVSS 7.4 | AI score 8.3 | EPSS 0.00091
Exploits: 1 | References: 9

Tenable Nessus
added 2020/12/16 12:0 a.m. | 76 views

JFrog Artifactory < 7.10.2 Authentication Bypass

An authentication bypass vulnerability exists in JFrog Artifactory prior to 7.10.2 due to a vulnerability in the google-oauth-client library. An unauthenticated, remote attacker can exploit this by using a malicious app on the client side to obtain the authorization code and use it to gain...

CVSS 9.1 | AI score 7.3 | EPSS 0.00091
Exploits: 1 | References: 2

IBM Security Bulletins
added 2020/11/19 1:47 a.m. | 32 views

Security Bulletin: a security update of the google oauth client library to version 1.31.0 for CVE-2020-7692.

Summary This fix is a security update of the google oauth client library to version 1.31.0 for CVE-2020-7692. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM Spectrum LSF| 10.1...

CVSS 9.1 | AI score 2.1 | EPSS 0.00091
Exploits: 1 | Affected Software: 1

RedhatCVE
added 2020/07/13 1:52 p.m. | 21 views

CVE-2020-7692

PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...

CVSS 6.4 | AI score 3.1 | EPSS 0.00091
Exploits: 1 | References: 3

OSV
added 2020/07/09 2:15 p.m. | 25 views

CVE-2020-7692

PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...

CVSS 9.1 | AI score 6.8
Exploits: 0 | References: 7

NVD
added 2020/07/09 2:15 p.m. | 21 views

CVE-2020-7692

PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...

CVSS 9.1 | EPSS 0.00091
Exploits: 1 | References: 7