Home > Vulnerability Database > WS-2016-7086

Mend.io Vulnerability Database

WS-2016-7086

Good to know:

Date: August 10, 2016

In google/closure-library, v20160106 to v20160713 there is a potential vulnerability due to insufficient validation, that could lead to a src URL being assigned to an element that’s not of the correct type. An attacker can pass dangerous elements that will cause disclosure of sensitive data.

Language: Java

Severity Score

5.6

Related Resources (5)

Url: https://github.com/google/closure-library/commit/51fc671355edc037896636d8cb82c6387707c95c

Url: https://github.com/google/closure-library/commit/0c3a9182c10d3720360aab598cdbcf80face89cd

Url: https://github.com/google/closure-library/commit/54334adf547b8b40f212d1c078d0d66091e038f6

Url: https://github.com/google/closure-library/commit/d4eec2a88fe456e4db02a27c9d0bd230b4dd4d3b

Url: https://www.mend.io/vulnerability-database/WS-2016-7086

Severity Score

5.6

Weakness Type (CWE)

Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version v20160822

Learn More

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2016-7086

Good to know:

Date: August 10, 2016

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?