GHSA-vh5w-fg69-rc8m

Source

https://github.com/advisories/GHSA-vh5w-fg69-rc8m

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-vh5w-fg69-rc8m/GHSA-vh5w-fg69-rc8m.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-vh5w-fg69-rc8m

Aliases

CVE-2020-8910

Published

2021-05-07T16:06:34Z

Modified

2023-11-08T04:04:19.217106Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Improper Input Validation in Google Closure Library

Details

A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation -- update your library to version v20200315.

Database specific

{
    "nvd_published_at": "2020-03-26T12:15:00Z",
    "github_reviewed_at": "2021-05-06T20:57:55Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-20"
    ]
}

References

Affected packages

npm / google-closure-library

Package

Name: google-closure-library; View open source insights on deps.dev
Purl: pkg:npm/google-closure-library

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20200315.0.0

Database specific

{
    "last_known_affected_version_range": "<= 20200224.0.0"
}