CVE-2020-8910

EPSS 0.07%
Veröffentlicht 26.03.2020 12:15:12
Zuletzt bearbeitet 21.11.2024 05:39:40
Quelle cve-coordination@google.com
Teams Watchlist Login
Unerledigt Login

A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Closure Library Version < 20200315

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.189

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N
cve-coordination@google.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-625 Permissive Regular Expression

The product uses a regular expression that does not sufficiently restrict the set of allowed values.

https://github.com/google/closure-library/commit/294fc00b01d248419d8f8de37580adf2a0024fc9

Patch

Third Party Advisory

https://github.com/google/closure-library/releases/tag/v20200315

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-8910

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-8910

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-8910

EUVD