CVE-2020-8910 – google-closure-library

Package

Manager: npm
Name: google-closure-library
Vulnerable Version: >=0 <20200315.0.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00072 pctl0.22499

Details

Improper Input Validation in Google Closure Library A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation -- update your library to version v20200315.

Metadata

Created: 2021-05-07T16:06:34Z
Modified: 2021-05-06T20:57:55Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-vh5w-fg69-rc8m/GHSA-vh5w-fg69-rc8m.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-vh5w-fg69-rc8m
Finding: F184
Auto approve: 1