Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/google-oauth-client-java@1.34.1-2?distro=trixie

Type deb

Namespace debian

Name google-oauth-client-java

Version 1.34.1-2

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-1tna-9vdx-tbg5

vulnerability_id VCID-1tna-9vdx-tbg5

summary The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation on the client side. We recommend upgrading to version 1.33.3 or above

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22573.json

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22573.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22573

reference_id

reference_type

scores

value	0.00055
scoring_system	epss
scoring_elements	0.17631
published_at	2026-06-11T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17791
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22573

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22573
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22573

reference_url

https://github.com/googleapis/google-oauth-java-client

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/googleapis/google-oauth-java-client

reference_url

https://github.com/googleapis/google-oauth-java-client/commit/c634ad4e31cac322bb1aa8a9feb0569749011bf0

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/googleapis/google-oauth-java-client/commit/c634ad4e31cac322bb1aa8a9feb0569749011bf0

reference_url

https://github.com/googleapis/google-oauth-java-client/pull/872

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/googleapis/google-oauth-java-client/pull/872

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010657
reference_id	1010657
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010657

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2081879
reference_id	2081879
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2081879

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-22573

reference_id

CVE-2021-22573

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-22573

reference_url

https://github.com/advisories/GHSA-hw42-3568-wj87

reference_id

GHSA-hw42-3568-wj87

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hw42-3568-wj87

reference_url

https://github.com/googleapis/google-oauth-java-client/security/advisories/GHSA-hw42-3568-wj87

reference_id

GHSA-hw42-3568-wj87

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/googleapis/google-oauth-java-client/security/advisories/GHSA-hw42-3568-wj87

reference_url	https://access.redhat.com/errata/RHSA-2022:4932
reference_id	RHSA-2022:4932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4932

reference_url	https://access.redhat.com/errata/RHSA-2022:5030
reference_id	RHSA-2022:5030
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5030

reference_url	https://access.redhat.com/errata/RHSA-2022:5532
reference_id	RHSA-2022:5532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5532

reference_url	https://access.redhat.com/errata/RHSA-2022:7177
reference_id	RHSA-2022:7177
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7177

fixed_packages

url	pkg:deb/debian/google-oauth-client-java@1.33.3-1?distro=trixie
purl	pkg:deb/debian/google-oauth-client-java@1.33.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/google-oauth-client-java@1.33.3-1%3Fdistro=trixie

url	pkg:deb/debian/google-oauth-client-java@1.34.1-2?distro=trixie
purl	pkg:deb/debian/google-oauth-client-java@1.34.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/google-oauth-client-java@1.34.1-2%3Fdistro=trixie

aliases CVE-2021-22573, GHSA-hw42-3568-wj87

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1tna-9vdx-tbg5

url VCID-24zg-76th-b7a9

vulnerability_id VCID-24zg-76th-b7a9

summary PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client before 1.31.0.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7692.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7692.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-7692

reference_id

reference_type

scores

value	0.00091
scoring_system	epss
scoring_elements	0.25684
published_at	2026-06-11T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.25884
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7692

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7692
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7692

reference_url

https://github.com/googleapis/google-oauth-java-client

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/googleapis/google-oauth-java-client

reference_url

https://github.com/googleapis/google-oauth-java-client/commit/13433cd7dd06267fc261f0b1d4764f8e3432c824

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/googleapis/google-oauth-java-client/commit/13433cd7dd06267fc261f0b1d4764f8e3432c824

reference_url

https://github.com/googleapis/google-oauth-java-client/issues/469

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/googleapis/google-oauth-java-client/issues/469

reference_url

https://lists.apache.org/thread.html/r3db6ac73e0558d64f0b664f2fa4ef0a865e57c5de20f8321d3b48678@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r3db6ac73e0558d64f0b664f2fa4ef0a865e57c5de20f8321d3b48678@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/reae8909b264d1103f321b9ce1623c10c1ddc77dba9790247f2c0c90f@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/reae8909b264d1103f321b9ce1623c10c1ddc77dba9790247f2c0c90f@%3Ccommits.druid.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-7692

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-7692

reference_url

https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEOAUTHCLIENT-575276

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEOAUTHCLIENT-575276

reference_url

https://tools.ietf.org/html/rfc7636%23section-1

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://tools.ietf.org/html/rfc7636%23section-1

reference_url

https://tools.ietf.org/html/rfc8252%23section-8.1

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://tools.ietf.org/html/rfc8252%23section-8.1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1856376
reference_id	1856376
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1856376

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988944
reference_id	988944
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988944

reference_url

https://github.com/advisories/GHSA-f263-c949-w85g

reference_id

GHSA-f263-c949-w85g

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-f263-c949-w85g

reference_url	https://access.redhat.com/errata/RHSA-2023:0560
reference_id	RHSA-2023:0560
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0560

reference_url	https://access.redhat.com/errata/RHSA-2023:0777
reference_id	RHSA-2023:0777
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0777

reference_url	https://access.redhat.com/errata/RHSA-2023:3299
reference_id	RHSA-2023:3299
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3299

reference_url	https://access.redhat.com/errata/RHSA-2023:6172
reference_id	RHSA-2023:6172
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6172

reference_url	https://access.redhat.com/errata/RHSA-2024:0778
reference_id	RHSA-2024:0778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0778

fixed_packages

url pkg:deb/debian/google-oauth-client-java@1.28.0-2?distro=trixie

purl pkg:deb/debian/google-oauth-client-java@1.28.0-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1tna-9vdx-tbg5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/google-oauth-client-java@1.28.0-2%3Fdistro=trixie

url	pkg:deb/debian/google-oauth-client-java@1.34.1-2?distro=trixie
purl	pkg:deb/debian/google-oauth-client-java@1.34.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/google-oauth-client-java@1.34.1-2%3Fdistro=trixie

aliases CVE-2020-7692, GHSA-f263-c949-w85g

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-24zg-76th-b7a9

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/google-oauth-client-java@1.34.1-2%3Fdistro=trixie

Package Instance