CVE-2020-8910
Improper Input Validation in Google Closure Library
6.5
MEDIUM
CVSS 3.1
EPSS 0.13%
Description
A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation -- update your library to version v20200315.
How to fix CVE-2020-8910
To remediate CVE-2020-8910, upgrade the affected package to a fixed version below.
- —upgrade to 20200315.0.0 or later
Is CVE-2020-8910 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 20200315.0.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |