20 matches found
EUVD-2021-1203
Malware in sbrugna...
Auth Bypass in Google's Closure-Library
...
CVE-2020-8910
A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315...
lambdaisland/uri `authority-regex` returns the wrong authority
Summary authority-regex allows an attacker to send malicious URLs to be parsed by the lambdaisland/uri and return the wrong authority. This issue is similar to CVE-2020-8910. Details https://github.com/lambdaisland/uri/blob/d3355fcd3e235238f4dcd37be97787a84e580072/src/lambdaisland/uri.cljcL9 This...
GHSA-CP4W-6X4W-V2H5 lambdaisland/uri `authority-regex` returns the wrong authority
Summary authority-regex allows an attacker to send malicious URLs to be parsed by the lambdaisland/uri and return the wrong authority. This issue is similar to CVE-2020-8910. Details https://github.com/lambdaisland/uri/blob/d3355fcd3e235238f4dcd37be97787a84e580072/src/lambdaisland/uri.cljcL9 This...
GHSA-VH5W-FG69-RC8M Improper Input Validation in Google Closure Library
A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation -- update your library to version v20200315...
Improper Input Validation in Google Closure Library
A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation -- update your library to version v20200315...
@dorfjungs/google-closure-extlib (>=1.0.0 <=1.1.17), @microduino/accountcenter (>=1.8.1 <=1.8.7) +31 more potentially affected by unknown CVE via google-closure-library (>=20151015.0.0 <=20190121.0.0)
google-closure-library NPM version =20151015.0.0, =1.0.0, =1.8.1, =0.1.0, =0.5.0, =2.0.0, =900.1.12, =1.0.0, =0.0.0, =1.0.1, =0.9.0, =0.9.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-R9Q4-W3FM-WRM2...
GHSA-R9Q4-W3FM-WRM2 Cross-Site Scripting in google-closure-library
Versions of google-closure-library prior to 20190301.0.0 are vulnerable to Cross-Site Scripting. The safedomtreeprocessor.processToString function improperly processed empty elements, which could allow attackers to execute arbitrary JavaScript through Mutation Cross-Site Scripting. Recommendation...
Cross-Site Scripting in google-closure-library
Versions of google-closure-library prior to 20190301.0.0 are vulnerable to Cross-Site Scripting. The safedomtreeprocessor.processToString function improperly processed empty elements, which could allow attackers to execute arbitrary JavaScript through Mutation Cross-Site Scripting. Recommendation...
Insecure URL Parsing
google-closure-library does not properly parse URLs. An attacker is able to send a malicious URL to cause the server to return the wrong authority...
Google Closure Library Input Validation Error Vulnerability
Google Closure Library is the United States Google Google a cross-browser , modular JavaScript library . A security vulnerability exists in the goog.uri file in Google Closure Library v20200224 and earlier versions. An attacker can exploit this vulnerability by sending malicious URLs to obtain...
CVE-2020-8910
A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315...
CVE-2020-8910
A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315...
CVE-2020-8910
A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315...
Design/Logic Flaw
A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315...
CVE-2020-8910 Auth Bypass in Google's Closure-Library
A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315...
CVE-2020-8910
The CVE-2020-8910 entry concerns Google Closure Library’s goog.uri in versions up to v20200224. A URL-parsing flaw allows a crafted URL to yield an incorrect authority, potentially enabling bypass of host restrictions. Mitigation is to upgrade to version v20200315. Connected Nessus entry mirrors ...
PT-2020-20363 · Google · Google Closure Library
Name of the Vulnerable Software and Affected Versions: Google Closure Library versions up to and including v20200224 Description: A URL parsing issue in goog.uri of the Google Closure Library allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority...
Cross-Site Scripting
Overview Versions of google-closure-library prior to 20190301.0.0 are vulnerable to Cross-Site Scripting. The safedomtreeprocessor.processToString function improperly processed empty elements, which could allow attackers to execute arbitrary JavaScript through Mutation Cross-Site Scripting...