Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-22573

Опубликовано: 03 мая 2022
Источник: nvd
CVSS3: 8.7
CVSS3: 7.3
CVSS2: 3.5
EPSS Низкий

Описание

The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation on the client side. We recommend upgrading to version 1.33.3 or above

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:google:oauth_client_library_for_java:*:*:*:*:*:*:*:*
Версия до 1.33.3 (исключая)

EPSS

Процентиль: 17%
0.00055
Низкий

8.7 High

CVSS3

7.3 High

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-347
CWE-347

Связанные уязвимости

ubuntu логотип

CVE-2021-22573

CVSS3: 8.7
ubuntu
почти 4 года назад

The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation on the client side. We recommend upgrading to version 1.33.3 or above

redhat логотип

CVE-2021-22573

CVSS3: 7.3
redhat
почти 4 года назад

The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation on the client side. We recommend upgrading to version 1.33.3 or above

debian логотип

CVE-2021-22573

CVSS3: 8.7
debian
почти 4 года назад

The vulnerability is that IDToken verifier does not verify if token is ...

suse-cvrf логотип

SUSE-SU-2024:0806-1

suse-cvrf
почти 2 года назад

Security update for google-oauth-java-client

github логотип

GHSA-hw42-3568-wj87

CVSS3: 7.3
github
почти 2 года назад

google-oauth-java-client improperly verifies cryptographic signature

EPSS

Процентиль: 17%
0.00055
Низкий

8.7 High

CVSS3

7.3 High

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-347
CWE-347