Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: google-oauth-java-client (UTSA-2026-021484)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021484 advisory. The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid...

OESA-2025-2434 google-oauth-java-client security update

Written by Google, the Google OAuth Client Library for Java is a powerful and easy-to-use Java library for the OAuth 1.0a and OAuth 2.0 authorization standards. The Google OAuth Client Library for Java is designed to work with any OAuth service on the web, not just with Google APIs. It is built o...

OESA-2025-2433 google-oauth-java-client security update

Written by Google, the Google OAuth Client Library for Java is a powerful and easy-to-use Java library for the OAuth 1.0a and OAuth 2.0 authorization standards. The Google OAuth Client Library for Java is designed to work with any OAuth service on the web, not just with Google APIs. It is built o...

OESA-2025-2432 google-oauth-java-client security update

Written by Google, the Google OAuth Client Library for Java is a powerful and easy-to-use Java library for the OAuth 1.0a and OAuth 2.0 authorization standards. The Google OAuth Client Library for Java is designed to work with any OAuth service on the web, not just with Google APIs. It is built o...

OESA-2025-2429 google-oauth-java-client security update

Written by Google, the Google OAuth Client Library for Java is a powerful and easy-to-use Java library for the OAuth 1.0a and OAuth 2.0 authorization standards. The Google OAuth Client Library for Java is designed to work with any OAuth service on the web, not just with Google APIs. It is built o...

EUVD-2020-0119

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2021-22573

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from...

SUSE CVE-2020-26244

Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The issues are: 1 The IdToken signature algorithm was not checked automatically, but only if the expected...

CVE-2021-22573

A flaw was found in Google OAuth Java client's IDToken verifier, where it does not verify if the token is properly signed. This issue could allow an attacker to provide a compromised token with a custom payload that will pass the validation on the client side, allowing access to information outsi...

CVE-2021-22573

The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation ...

CVE-2021-22573

The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation ...

UBUNTU-CVE-2021-22573

The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation ...

CVE-2021-22573

The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation ...

Input validation

The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation ...

CVE-2021-22573 Incorrect signature verification on Google-oauth-java-client

The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation ...

CVE-2021-22573

CVE-2021-22573 involves Google OAuth Client Library for Java where IdTokenVerifier may bypass verification because the signature is not checked before claims verification. The vulnerability allows an attacker to present a compromised IdToken with a modified payload that could pass client-side val...

Google google-oauth-java-client 数据伪造问题漏洞

Google google-oauth-java-client Google OAuth Client Library for Java is a Java-based Google OAuth Open Authorization client library from Google, Inc. A security vulnerability exists in Google google-oauth-java-client, which stems from the IDToken authenticator not verifying that tokens are proper...

Multiple cryptographic issues in Python oic

Impact Client implementations using this library Issues 1 The IdToken signature algorithm was not checked automatically, but only if the expected algorithm was passed in as a kwarg. 2 JWA none algorithm was allowed in all flows. 3 oic.consumer.Consumer.parseauthz returns an unverified IdToken. Th...

GHSA-4FJV-PMHG-3RFG Multiple cryptographic issues in Python oic

Impact Client implementations using this library Issues 1 The IdToken signature algorithm was not checked automatically, but only if the expected algorithm was passed in as a kwarg. 2 JWA none algorithm was allowed in all flows. 3 oic.consumer.Consumer.parseauthz returns an unverified IdToken. Th...

Cipher Downgrade Attack

oic is vulnerable to cipher downgrade attacks. The vulnerability exists as the IdToken signature algorithm is not checked automatically, and that the JWA none algorithm is always allowed, and that the IdToken returned from oic.consumer.Consumer.parseauthz is not verified, and the iat claim is not...