5 matches found
GHSA-CP4W-6X4W-V2H5 lambdaisland/uri `authority-regex` returns the wrong authority
Summary authority-regex allows an attacker to send malicious URLs to be parsed by the lambdaisland/uri and return the wrong authority. This issue is similar to CVE-2020-8910. Details https://github.com/lambdaisland/uri/blob/d3355fcd3e235238f4dcd37be97787a84e580072/src/lambdaisland/uri.cljcL9 This...
lambdaisland/uri `authority-regex` returns the wrong authority
Summary authority-regex allows an attacker to send malicious URLs to be parsed by the lambdaisland/uri and return the wrong authority. This issue is similar to CVE-2020-8910. Details https://github.com/lambdaisland/uri/blob/d3355fcd3e235238f4dcd37be97787a84e580072/src/lambdaisland/uri.cljcL9 This...
CVE-2020-8910
A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315...
CVE-2020-8910 Auth Bypass in Google's Closure-Library
A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315...
CVE-2020-8910
The CVE-2020-8910 entry concerns Google Closure Library’s goog.uri in versions up to v20200224. A URL-parsing flaw allows a crafted URL to yield an incorrect authority, potentially enabling bypass of host restrictions. Mitigation is to upgrade to version v20200315. Connected Nessus entry mirrors ...