CVE-2020-8910

EPSS 0.07%
Published 26.03.2020 12:15:12
Last modified 21.11.2024 05:39:40
Source cve-coordination@google.com
Teams watchlist Login
Open Login

A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315.

Affected products Warnungen 0 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Google ≫ Closure Library Version < 20200315

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.189

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N
cve-coordination@google.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-625 Permissive Regular Expression

The product uses a regular expression that does not sufficiently restrict the set of allowed values.

https://github.com/google/closure-library/commit/294fc00b01d248419d8f8de37580adf2a0024fc9

Patch

Third Party Advisory

https://github.com/google/closure-library/releases/tag/v20200315

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-8910

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-8910

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-8910

EUVD