From thehackernews.com
![Google's OAuth Client Library for Java](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjALy9QMXTUv6ySyu_gytORGXUFbFnfcP5yvZm5Q_Kh3izl6dVLvh3ErdT7eMropcP3J1HII1l5Ugb9f29fbOB2ExRE5EcKbo68O0r3gUWpDV_Y9YLjIlj7E-qDho4D10EspE2n4EQPfta0S-aQvmOPKVTDWYoKOunotUfSxwDxRFE1Rx__L1b_ix7-/s728-e1000/google.jpg)
Google last month addressed a high-severity flaw in its OAuth client library for Java that could be abused by a malicious actor with a compromised token to deploy arbitrary payloads.
Tracked as CVE-2021-22573, the vulnerability is rated 8.7 out of 10 for severity and relates to an authentication bypass in the library that stems from an improper verification of the cryptographic signature.