Lucene search
K

5 matches found

OSV
OSV
added 2023/03/27 10:31 p.m.19 views

GHSA-CP4W-6X4W-V2H5 lambdaisland/uri `authority-regex` returns the wrong authority

Summary authority-regex allows an attacker to send malicious URLs to be parsed by the lambdaisland/uri and return the wrong authority. This issue is similar to CVE-2020-8910. Details https://github.com/lambdaisland/uri/blob/d3355fcd3e235238f4dcd37be97787a84e580072/src/lambdaisland/uri.cljcL9 This...

6.5CVSS5.7AI score0.00553EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2023/03/27 10:31 p.m.41 views

lambdaisland/uri `authority-regex` returns the wrong authority

Summary authority-regex allows an attacker to send malicious URLs to be parsed by the lambdaisland/uri and return the wrong authority. This issue is similar to CVE-2020-8910. Details https://github.com/lambdaisland/uri/blob/d3355fcd3e235238f4dcd37be97787a84e580072/src/lambdaisland/uri.cljcL9 This...

6.1CVSS6AI score0.00553EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2020/03/26 12:15 p.m.15 views

CVE-2020-8910

A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315...

6.5CVSS6.5AI score
Exploits0References2
Cvelist
Cvelist
added 2020/03/26 11:38 a.m.36 views

CVE-2020-8910 Auth Bypass in Google's Closure-Library

A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315...

6.5CVSS6AI score0.00524EPSS
Exploits0References2
CVE
CVE
added 2020/03/26 11:38 a.m.83 views

CVE-2020-8910

The CVE-2020-8910 entry concerns Google Closure Library’s goog.uri in versions up to v20200224. A URL-parsing flaw allows a crafted URL to yield an incorrect authority, potentially enabling bypass of host restrictions. Mitigation is to upgrade to version v20200315. Connected Nessus entry mirrors ...

6.5CVSS5.7AI score0.00524EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder