Vulnerability Description
A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Closure Library | < 20200315 |
Related Weaknesses (CWE)
References
- https://github.com/google/closure-library/commit/294fc00b01d248419d8f8de37580adfPatchThird Party Advisory
- https://github.com/google/closure-library/releases/tag/v20200315Third Party Advisory
- https://github.com/google/closure-library/commit/294fc00b01d248419d8f8de37580adfPatchThird Party Advisory
- https://github.com/google/closure-library/releases/tag/v20200315Third Party Advisory
FAQ
What is CVE-2020-8910?
CVE-2020-8910 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authorit...
How severe is CVE-2020-8910?
CVE-2020-8910 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-8910?
Check the references section above for vendor advisories and patch information. Affected products include: Google Closure Library.