Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Improper Input Validation in Google Closure Library
A URL parsing issue in goog.uri of the Google Closure Library, in versions up to and including v20200224, allows an attacker to supply a malicious URL for which the library returns the wrong authority. Mitigation: update the library to version v20200315.
Permalink: https://github.com/advisories/GHSA-vh5w-fg69-rc8m
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZoNXctZmc2OS1yYzht
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 3 years ago
Updated: over 1 year ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Identifiers: GHSA-vh5w-fg69-rc8m, CVE-2020-8910
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-8910
- https://github.com/google/closure-library/commit/294fc00b01d248419d8f8de37580adf2a0024fc9
- https://github.com/google/closure-library/releases/tag/v20200315
- https://github.com/advisories/GHSA-vh5w-fg69-rc8m
Blast Radius: 21.5
Affected Packages
npm:google-closure-library
Dependent packages: 237
Dependent repositories: 2,063
Downloads: 276,509 last month
Affected Version Ranges: <= 20200224.0.0
Fixed in: 20200315.0.0
All affected versions: 20150315.0.0, 20150505.0.0, 20150609.0.0, 20150729.0.0, 20150901.0.0, 20150920.0.0, 20151015.0.0, 20151216.0.0, 20160125.0.0, 20160208.0.0, 20160218.0.0, 20160218.0.1, 20160218.0.2, 20160315.0.0, 20160517.0.0, 20160619.0.0, 20160713.0.0, 20160822.0.0, 20160911.0.0, 20161024.0.0, 20161201.0.0, 20170124.0.0, 20170218.0.0, 20170218.0.1, 20170409.0.0, 20170521.0.0, 20170626.0.0, 20170806.0.0, 20170910.0.0, 20171112.0.0, 20171203.0.0, 20180204.0.0, 20180402.0.0, 20180405.0.0, 20180506.0.0, 20180716.0.0, 20180805.0.0, 20180910.0.0, 20190121.0.0, 20190215.0.0, 20190301.0.0, 20190325.0.0, 20190415.0.0, 20190513.0.0, 20190528.0.0, 20190618.0.0, 20190709.0.0, 20190729.0.0, 20190819.0.0, 20190909.0.0, 20190929.0.0, 20191027.0.0, 20191027.0.1, 20191111.0.0, 20200101.0.0, 20200112.0.0, 20200204.0.0, 20200224.0.0
All unaffected versions: 20200315.0.0, 20200406.0.0, 20200504.0.0, 20200517.0.0, 20200614.0.0, 20200628.0.0, 20200719.0.0, 20200830.0.0, 20200927.0.0, 20201006.0.0, 20201102.0.1, 20210106.0.0, 20210202.0.0, 20210302.0.0, 20210406.0.0, 20210601.0.0, 20210808.0.0, 20210906.0.0, 20210907.0.0, 20211006.0.0, 20211107.0.0, 20211201.0.0, 20220104.0.0, 20220202.0.0, 20220301.0.0, 20220405.0.0, 20220502.0.0, 20220601.0.0, 20220719.0.0, 20220803.0.0, 20220905.0.0, 20221004.0.0, 20221102.0.0, 20230103.0.0, 20230206.0.0, 20230228.0.0, 20230411.0.0, 20230502.0.0, 20230802.0.0