Strix
26.1K

CVE-2020-8910

MEDIUMCVSS 6.5/10EPSS 0.52%

Last modified

CVE-2020-8910 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315.. EPSS estimates a 0.52% chance of exploitation in the next 30 days.

Description

A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315.

Metrics

CVSS 3.1
6.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS Probability
0.52%

40.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
GoogleClosure Library< 20200315

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2020-8910?
A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315.
How severe is CVE-2020-8910?
CVE-2020-8910 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 0.52% probability of exploitation in the next 30 days.
How do I fix CVE-2020-8910?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-8910?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST