CVE-2021-22573

Published: 03/05/2022 Updated: 10/05/2022
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 7.3 | Impact Score: 5.2 | Exploitability Score: 2.1
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

The vulnerability is that the IdTokenVerifier does not verify that the token is properly signed. Signature verification is what ensures that a token's payload comes from the legitimate provider rather than from someone else. An attacker can therefore supply a forged token with a custom payload, and it will pass validation on the client side. We recommend upgrading to version 1.33.3 or above.

Vulnerable Product

google oauth client library for java

Vendor Advisories

Debian Bug report logs - #1010657 google-oauth-client-java: CVE-2021-22573 - IdTokenVerifier does not verify the signature of ID Token. Package: src:google-oauth-client-java; Maintainer for src:google-oauth-client-java is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Neil Williams <cod ...
Synopsis: Important: Red Hat Camel for Spring Boot 3.14.5 release and security update. Type/Severity: Security Advisory: Important. Topic: A minor version update (from 3.14.2 to 3.14.5) is now available for Camel for Spring Boot. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product S ...
Synopsis: Important: Red Hat Fuse Online 7.10.2.P1 security update. Type/Severity: Security Advisory: Important. Topic: A patch update (from 7.10.1 to 7.10.2.P1) is now available for Red Hat Fuse Online. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this upd ...
Synopsis: Important: Red Hat Fuse 7.10.2.P1 security update. Type/Severity: Security Advisory: Important. Topic: A patch update (from 7.10.2 to 7.10.2.P1) is now available for Red Hat Fuse on OpenShift for EAP, Karaf, and Spring Boot. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product S ...
Synopsis: Important: Red Hat Fuse 7.11.0 release and security update. Type/Severity: Security Advisory: Important. Topic: A minor version update (from 7.10 to 7.11) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update ...
The vulnerability is that the IdTokenVerifier does not verify that the token is properly signed. Signature verification makes sure that the token's payload comes from a valid provider, not from someone else. An attacker can provide a compromised token with a custom payload. The token will pass the validation on the client side. We recommend upgrading to version ...
Hitachi Ops Center Analyzer contains the following vulnerabilities: CVE-2020-29582, CVE-2022-24329. Hitachi Ops Center Analyzer viewpoint and Hitachi Ops Center Viewpoint contain the following vulnerabilities: CVE-2020-29582, CVE-2021-22573, CVE-2022-2625, CVE-2022-24329, CVE-2022-29170. Affected products and versions are listed below. Plea ...

Github Repositories

Certivus - Threat assessment using dependency check. google-oauth-client-1.31.2.jar: CVE-2021-22573. The vulnerability is that the IdTokenVerifier does not verify that the token is properly signed. Signature verification makes sure that the token's payload comes from a valid provider, not from someone else. An attacker can provide a compromised token with a custom payload. The token will