{"vulnerability": "CVE-2021-22573", "sightings": [{"uuid": "144e842d-a630-4948-9cb9-8551520ef442", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22573", "type": "seen", "source": "https://t.me/arpsyndicate/4568", "content": "#ExploitObserverAlert\n\nCVE-2021-22573\n\nDESCRIPTION: Exploit Observer has 10 entries in 2 file formats related to CVE-2021-22573. The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation on the client side. We recommend upgrading to version 1.33.3 or above\n\nFIRST-EPSS: 0.000570000\nNVD-IS: 5.2\nNVD-ES: 2.1\nARPS-EXPLOITABILITY: 0.5856688", "creation_timestamp": "2024-04-12T08:45:22.000000Z"}, {"uuid": "e0f4a5b6-f994-4baf-b12b-37cdf4628f78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22573", "type": "seen", "source": "https://t.me/cKure/9574", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 CVE-2021-22573: High-Severity Bug Reported in Google's OAuth Client Library for Java.\n\nhttps://thehackernews.com/2022/05/high-severity-bug-reported-in-googles.html", "creation_timestamp": "2022-05-21T06:12:07.000000Z"}, {"uuid": "ce11ad70-d717-4d91-a925-1847acc215be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22573", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12659", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-22573\n\ud83d\udd25 CVSS Score: 8.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N)\n\ud83d\udd39 Description: The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation on the client side. We recommend upgrading to version 1.33.3 or above\n\ud83d\udccf Published: 2022-05-03T15:45:12.000Z\n\ud83d\udccf Modified: 2025-04-21T13:54:18.220Z\n\ud83d\udd17 References:\n1. https://github.com/googleapis/google-oauth-java-client/pull/872", "creation_timestamp": "2025-04-21T14:02:18.000000Z"}, {"uuid": "cad1187a-9dd3-491e-931a-6e9695f29790", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22573", "type": "seen", "source": "https://t.me/cibsecurity/41833", "content": "\u203c CVE-2021-22573 \u203c\n\nThe vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation on the client side. We recommend upgrading to version 1.33.3 or above\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-03T20:34:05.000000Z"}]}