CVE-2020-8910 is a vulnerability in Google Closure Library
Published on March 26, 2020
Auth Bypass in Google's Closure-Library
A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315.
Vulnerability Analysis
CVE-2020-8910 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
Permissive Regular Expression
The product uses a regular expression that does not sufficiently restrict the set of allowed values.
Products Associated with CVE-2020-8910
Want to know whenever a new CVE is published for Google Closure Library? stack.watch will email you.
Affected Versions
Google Closure-Library:- Version v20200224, <= v20200224 is affected.
Vulnerable Packages
The following package name and versions may be associated with CVE-2020-8910
| Package Manager | Vulnerable Package | Versions | Fixed In |
|---|---|---|---|
| maven | lambdaisland:uri | < 1.14.120 | 1.14.120 |
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.