2 matches found
CVE-2021-22573
CVE-2021-22573 involves Google OAuth Client Library for Java where IdTokenVerifier may bypass verification because the signature is not checked before claims verification. The vulnerability allows an attacker to present a compromised IdToken with a modified payload that could pass client-side val...
CVE-2020-7692
CVE-2020-7692 affects the Google OAuth Client Library for Java (com.google.oauth-client:google-oauth-client) prior to 1.31.0. The issue is that PKCE is not implemented per OAuth 2.0 RFC for native apps, meaning an authorization code could be intercepted by a malicious app and used to gain access ...