UBUNTU-CVE-2020-8910

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2020-8910

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-8910.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-8910

Related

CVE-2020-8910

Published

2020-03-26T12:15:00Z

Modified

2025-06-03T17:34:06Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315.

References

Affected packages

Ubuntu:Pro:18.04:LTS / qtwebengine-opensource-src

Package

Name: qtwebengine-opensource-src
Purl: pkg:deb/ubuntu/qtwebengine-opensource-src@5.9.5+dfsg-0ubuntu2?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.9.1+dfsg-4

5.9.1+dfsg-4ubuntu1

5.9.2+dfsg-2ubuntu1

5.9.3+dfsg-0ubuntu1

5.9.4+dfsg-0ubuntu1

5.9.5+dfsg-0ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:20.04:LTS / qtwebengine-opensource-src

Package

Name: qtwebengine-opensource-src
Purl: pkg:deb/ubuntu/qtwebengine-opensource-src@5.12.8+dfsg-0ubuntu1.1?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.12.4+dfsg-1ubuntu1

5.12.4+dfsg-1ubuntu3

5.12.5+dfsg-3ubuntu1

5.12.5+dfsg-6ubuntu2

5.12.5+dfsg-7

5.12.5+dfsg-7build1

5.12.8+dfsg-0ubuntu1

5.12.8+dfsg-0ubuntu1.1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:22.04:LTS / qtwebengine-opensource-src

Package

Name: qtwebengine-opensource-src
Purl: pkg:deb/ubuntu/qtwebengine-opensource-src@5.15.9+dfsg-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.6+dfsg-1

5.15.6+dfsg-2

5.15.7+dfsg-2

5.15.8+dfsg-1

5.15.8+dfsg-1build1

5.15.8+dfsg-1build2

5.15.8+dfsg-2

5.15.9+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:24.10 / qtwebengine-opensource-src

Package

Name: qtwebengine-opensource-src
Purl: pkg:deb/ubuntu/qtwebengine-opensource-src@5.15.17+dfsg-4?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.16+dfsg-3

5.15.16+dfsg-5

5.15.17+dfsg-3

5.15.17+dfsg-4

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:24.04:LTS / qtwebengine-opensource-src

Package

Name: qtwebengine-opensource-src
Purl: pkg:deb/ubuntu/qtwebengine-opensource-src@5.15.16+dfsg-3?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.15+dfsg-2

5.15.15+dfsg-2build2

5.15.15+dfsg-2ubuntu1

5.15.16+dfsg-1

5.15.16+dfsg-1ubuntu2

5.15.16+dfsg-1ubuntu4

5.15.16+dfsg-3

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:25.04 / qtwebengine-opensource-src

Package

Name: qtwebengine-opensource-src
Purl: pkg:deb/ubuntu/qtwebengine-opensource-src@5.15.18+dfsg-2?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.17+dfsg-4

5.15.17+dfsg-5

5.15.17+dfsg2-1

5.15.17+dfsg2-2

5.15.17+dfsg2-3

5.15.18+dfsg-1

5.15.18+dfsg-2

Ecosystem specific

{
    "ubuntu_priority": "low"
}