Vulnerability DatabaseWS-2016-7086
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
WS-2016-7086
August 10, 2016
In google/closure-library, v20160106 to v20160713 there is a potential vulnerability due to insufficient validation, that could lead to a src URL being assigned to an element that’s not of the correct type. An attacker can pass dangerous elements that will cause disclosure of sensitive data.
Related Resources (4)
https://github.com/google/closure-library/commit/51fc671355edc037896636d8cb82c6387707c95c
https://github.com/google/closure-library/commit/d4eec2a88fe456e4db02a27c9d0bd230b4dd4d3b
https://github.com/google/closure-library/commit/54334adf547b8b40f212d1c078d0d66091e038f6
https://github.com/google/closure-library/commit/0c3a9182c10d3720360aab598cdbcf80face89cd
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.8
Attack Vector
LOCAL
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
HIGH
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.6
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE