PT-2019-10272 · Google · Google-Api-Cpp-Client
Sungjungk · Published 2019-05-30 · Updated 2019-05-31
CVE-2018-20840
CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
google-api-cpp-client versions prior to 2019-04-10
Description:
An unhandled exception during Google Sign-In in the Google API C++ Client can cause a denial of service, leading to an outage of third-party services that rely on this client for authentication. The root cause is that an integer is misinterpreted as a string during ID token handling. A malicious user can trigger the exception by causing the client to receive such an ID token from a Google authentication server, potentially preventing other users from logging in to the affected third-party service.
Recommendations:
For versions prior to 2019-04-10, update to a version released after 2019-04-10 to resolve the issue. As a temporary workaround, consider implementing exception handling for ID token processing to prevent service outages. Restrict access to the google-api-cpp-client until the update is applied to minimize the risk of exploitation.
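The failure mode described above and the exception-handling workaround, as an added C++ illustration that is not code from google-api-cpp-client; the claim representation, the claim name and the function names are constructed for this example:

```cpp
#include <cstdint>
#include <map>
#include <stdexcept>
#include <string>
#include <variant>

// Hypothetical decoded ID-token claim: either a 64-bit integer or a string
// (constructed for this example; not the library's real data model).
using ClaimValue = std::variant<int64_t, std::string>;
using Claims = std::map<std::string, ClaimValue>;

// Vulnerable pattern: assumes the claim is always a string. When the token
// carries an integer instead, std::get throws std::bad_variant_access.
std::string claim_as_string_unchecked(const Claims& c, const std::string& name) {
    return std::get<std::string>(c.at(name));
}

// Hardened pattern: check the actual type and convert explicitly.
std::string claim_as_string(const Claims& c, const std::string& name) {
    auto it = c.find(name);
    if (it == c.end()) throw std::runtime_error("missing claim: " + name);
    if (const auto* s = std::get_if<std::string>(&it->second)) return *s;
    return std::to_string(std::get<int64_t>(it->second));
}

// Sign-in handler: true on success, false when the token is malformed.
// Catching here keeps one bad token from terminating the whole service,
// which is the outage the advisory describes.
bool handle_sign_in(const Claims& token, bool hardened, std::string* subject) {
    try {
        *subject = hardened ? claim_as_string(token, "sub")
                            : claim_as_string_unchecked(token, "sub");
        return true;
    } catch (const std::exception&) {
        return false;  // reject the token instead of crashing the process
    }
}

// Constructed sample token whose "sub" claim arrives as an integer.
Claims sample_int_claim() {
    return {{"sub", int64_t{1234567890}},
            {"iss", std::string("accounts.google.com")}};
}
```

Without the try/catch in handle_sign_in, the unchecked accessor lets the exception escape and the process terminates, so the catch is the workaround and the type check is the fix.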
Weakness Enumeration: Improper Check for Exceptional Conditions
Affected Products: Google-Api-Cpp-Client