VDB

GCVE-110-CLOUD-2020-0028

GCVE-110-CLOUD-2020-0028
Advisory Published
Vulnetix · Advisory published March 8, 2020
A vulnerability in Google's common JavaScript library allowed bypassing domain validation checks across multiple Google products. By using a backslash character in URLs, an attacker could make the regex parser and browser disagree on the authority (domain) portion of a URL, allowing injection of arbitrary domains that pass whitelisting checks.

Affected Products

VendorProductVersionsPlatforms
GCPCloud Console, GMail API, Actions Console, YouTube Studio, Google Accounts

References

advisory
advisory

Browse GCVE Records

73,834 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›