CVE Vulnerability

CVE-2020-8910

A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/google/closure-library/commit/294fc00b01d248419d8f8de37580adf2a0024fc9 Patch Third Party Advisory
https://github.com/google/closure-library/releases/tag/v20200315 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:google:closure_library:*:*:*:*:*:*:*:*
Information

Published : 2020-03-26 12:15

Updated : 2021-07-21 11:39

NVD link : CVE-2020-8910

Mitre link : CVE-2020-8910

Products Affected
No products.
CWE
NVD-CWE-noinfo