CVE-2020-8910

MEDIUM

Google Closure Library <v20200315 - SSRF

Title source: llm
STIX 2.1

Description

A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315.

References (2)

Core 2

Scores

CVSS v3 6.5
EPSS 0.0052
EPSS Percentile 40.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE
CWE-625
Status published
Products (2)
google/closure_library < 20200315
npm/google-closure-library 0 - 20200315.0.0npm
Published Mar 26, 2020
Tracked Since Feb 18, 2026