Insufficient Validation Affecting google-closure-library package, versions <20200315.0.0
Threat Intelligence
EPSS
0.09% (38th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JS-GOOGLECLOSURELIBRARY-561341
- published 26 Mar 2020
- disclosed 26 Mar 2020
- credit Unknown
Introduced: 26 Mar 2020
CVE-2020-8910 Open this link in a new tabHow to fix?
Upgrade google-closure-library
to version 20200315.0.0 or higher.
Overview
google-closure-library is a powerful, low-level JavaScript library designed for building complex and scalable web applications. It is used by many Google web applications, such as Google Search, Gmail, Google Docs, Google+, Google Maps, and others.
Affected versions of this package are vulnerable to Insufficient Validation. A URL parsing issue in goog.uri of the Google Closure Library allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority.
References
CVSS Scores
version 3.1