CVE-2021-22573 @ Maven-com.google.oauth-client:google-oauth-client-1.30.3 #48
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Vulnerable Package issue exists @ Maven-com.google.oauth-client:google-oauth-client-1.30.3 in branch master
The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation on the client side. We recommend upgrading to version 1.33.3 or above.
Namespace: SamHeadrickCx
Repository: easybuggy4sb
Repository Url: https://github.com/SamHeadrickCx/easybuggy4sb
CxAST-Project: SamHeadrickCx/easybuggy4sb
CxAST platform scan: 3776f006-a82c-4067-99d1-88d4ec11b623
Branch: master
Application: easybuggy4sb
Severity: HIGH
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-347
Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: HIGH
Availability impact: NONE
Remediation Upgrade Recommendation: 1.33.3
References
Advisory
Pull request
Commit
Release Note
Issue
The text was updated successfully, but these errors were encountered: