PT-2020-19715 · Google · Google-Oauth-Client

Published 2020-07-09 · Updated 2024-08-05 · CVE-2020-7692

CVSS v3.1: 9.1 (Critical), Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: com.google.oauth-client:google-oauth-client versions prior to 1.31.0

Description: The issue lies in the implementation of PKCE support for OAuth 2.0 in Native Apps, which does not follow the RFC. As a result, an attacker who intercepts the authorization code can use it to gain unauthorized access to protected resources; the authorization code can be obtained by a malicious app on the client side.

Recommendations: For versions prior to 1.31.0, update to version 1.31.0 or later to resolve the issue. As a temporary workaround, consider additional measures to verify that the client redeeming the authorization code is the one that issued the initial authorization request, although the exact measures are not specified in the provided information.
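As an added illustration of the binding PKCE is meant to provide (example code written for this page, not code from google-oauth-client), the client derives an S256 code_challenge from a random code_verifier, and the authorization server refuses to redeem an authorization code unless the matching verifier is presented. The client_id, redirect URI and in-memory server are constructed placeholders.

```python
import base64
import hashlib
import hmac
import secrets

# RFC 7636 (PKCE) S256 flow, modelled end to end. Added example, not library code.


def make_code_verifier(n_bytes: int = 32) -> str:
    """Client side: high-entropy random verifier (32 bytes -> 43 unreserved chars)."""
    return base64.urlsafe_b64encode(secrets.token_bytes(n_bytes)).rstrip(b"=").decode()


def code_challenge_s256(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier))), without '=' padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def authorization_params(client_id: str, redirect_uri: str, verifier: str, state: str) -> dict:
    """Parameters a native app must send with the authorization request (placeholder values)."""
    return {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "code_challenge": code_challenge_s256(verifier),
        "code_challenge_method": "S256",
    }


class AuthorizationServer:
    """Minimal in-memory model of the server-side check that binds code to verifier."""

    def __init__(self) -> None:
        self._pending = {}  # authorization code -> (code_challenge, method)

    def issue_code(self, params: dict) -> str:
        code = secrets.token_urlsafe(16)
        self._pending[code] = (params["code_challenge"], params["code_challenge_method"])
        return code

    def exchange(self, code: str, code_verifier):
        """Token endpoint: the code is single-use and only redeemable with its verifier."""
        entry = self._pending.pop(code, None)  # consumed even on failure
        if entry is None or code_verifier is None:
            return None  # unknown/used code, or an intercepted code presented without a verifier
        challenge, method = entry
        if method != "S256" or not hmac.compare_digest(code_challenge_s256(code_verifier), challenge):
            return None
        return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer"}
```

An intercepted authorization code alone is worthless to the server above, which is exactly the guarantee that a client omitting code_challenge or code_verifier from its requests forfeits.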

Weakness Enumeration

Missing Authorization

Incorrect Authorization

Related Identifiers

CVE-2020-7692
GHSA-F263-C949-W85G
RHSA-2023:0560
RHSA-2023:0777
RHSA-2023:3299
RHSA-2023:6172
RHSA-2024:0778
SNYK-JAVA-COMGOOGLEOAUTHCLIENT-575276

Affected Products

Google-Oauth-Client