VDB
GCVE-110-CLOUD-2020-0028
GCVE-110-CLOUD-2020-0028
Advisory Published
A vulnerability in Google's common JavaScript library allowed bypassing domain validation checks across multiple Google products. By using a backslash character in URLs, an attacker could make the regex parser and browser disagree on the authority (domain) portion of a URL, allowing injection of arbitrary domains that pass whitelisting checks.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| GCP | Cloud Console, GMail API, Actions Console, YouTube Studio, Google Accounts | — | — |
Browse GCVE Records
73,834 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.