漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Incorrect signature verification on Google-oauth-java-client
Vulnerability Description
The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation on the client side. We recommend upgrading to version 1.33.3 or above
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Vulnerability Type
密码学签名的验证不恰当
Vulnerability Title
Google google-oauth-java-client 数据伪造问题漏洞
Vulnerability Description
Google google-oauth-java-client(Google OAuth Client Library for Java)是美国谷歌(Google)公司的一款基于Java的Google OAuth(开放授权)客户端库。 Google google-oauth-java-client 存在安全漏洞,该漏洞源于 IDToken 验证器不验证令牌是否正确签名。
CVSS Information
N/A
Vulnerability Type
N/A