VDB
CVE-2020-8910
CVE-2020-8910
PUBLISHED
A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315.
EPSS 0.13% · 31.7th percentile
Risk Scores
EPSS Score
0.13%
31.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:22.04:LTS | qtwebengine-opensource-src | 5.15.6+dfsg-1, 5.15.9+dfsg-1, 5.15.8+dfsg-2 |
| Ubuntu:20.04:LTS | qtwebengine-opensource-src | 5.12.5+dfsg-7, 5.12.4+dfsg-1ubuntu3, 5.12.4+dfsg-1ubuntu1 |
| Ubuntu:18.04:LTS | qtwebengine-opensource-src | *, 0, 5.9.1+dfsg-4ubuntu1 |
| Ubuntu:24.04:LTS | qtwebengine-opensource-src | 5.15.15+dfsg-2, 5.15.16+dfsg-3, 5.15.16+dfsg-1ubuntu4 |
| Ubuntu:25.10 | qtwebengine-opensource-src | *, *, 5.15.19+dfsg-1 |
Exploit Intelligence
Timeline
- Mar 26, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Jul 21, 2021 CVE Updated
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-8910 third-party-advisory
- https://github.com/google/closure-library/releases/tag/v20200315 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-8910 third-party-advisory