CVE-2020-8910
moderate-risk
Published 2020-03-26
A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315.
Do I need to act?
-
0.13% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10
Medium
NETWORK
/ LOW complexity
Affected Products (1)
Closure Library
Affected Vendors
References (4)
Third Party Advisory
https://github.com/google/closure-library/releases/tag/v20200315
Third Party Advisory
https://github.com/google/closure-library/releases/tag/v20200315
30
/ 100
moderate-risk
Severity
24/34 · High
Exploitability
1/34 · Minimal
Exposure
5/34 · Minimal