← back
CVE-2020-8910

Auth Bypass in Google's Closure-Library

CVSS 6.5 MEDIUMEPSS 0.5%CWE-625
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
26 Mar 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected products
Google · Closure-Library

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/google/closure-library/commit/294fc00b01d248419d8f8de37580adf2a0024fc9https://github.com/google/closure-library/releases/tag/v20200315