GMS-2020-277: Improper Authorization in googleapis

September 2, 2020 (updated September 27, 2021)

Versions of googleapis are vulnerable to Improper Authorization. Setting credentials to one client may apply to all clients which may cause requests to be sent with the incorrect credentials.

References

github.com/advisories/GHSA-7543-mr7h-6v86
github.com/googleapis/google-api-nodejs-client/issues/1594
www.npmjs.com/advisories/791

Code Behaviors & Features

Detect and mitigate GMS-2020-277 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →