Google Oauth Java Client
Approved changes feed: RSS · Atom
cpe:2.3:a:google_llc:google-oauth-java-client:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Google Llc (c72c74b5-1c39-5d47-98b8-8dacb6f7d99a) |
|---|---|
| Product | Google Oauth Java Client (a9af5c74-58d2-50b2-b978-41ace1507493) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2021-22573 |
vulnerable | 2026-06-03 14:43:53.243423 |
Incorrect signature verification on Google-oauth-java-client
HIGH (8.7)
The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation on the client side. We recommend upgrading to version 1.33.3 or above
Published: 2022-05-03T15:45:12.000Z
Updated: 2025-04-21T13:54:18.220Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.