CVE-2020-8910: Auth Bypass in Google's Closure-Library
First published: Thu Mar 26 2020(Updated: )
A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315.
Credit: cve-coordination@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Closure Tools | <20200315 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-8910?
CVE-2020-8910 is considered a medium severity vulnerability due to its potential for exploitation through malicious URL parsing.
How do I fix CVE-2020-8910?
To fix CVE-2020-8910, update the Google Closure Library to version v20200315 or later.
What components are affected by CVE-2020-8910?
CVE-2020-8910 affects the Google Closure Library versions up to and including v20200224.
What type of issue is CVE-2020-8910?
CVE-2020-8910 is classified as a URL parsing issue within the Google Closure Library.
Can CVE-2020-8910 allow remote attacks?
Yes, CVE-2020-8910 can allow attackers to exploit incorrectly parsed URLs to manipulate applications.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/title
- agent/remedy
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/google
- canonical/google closure tools