CVE-2020-7765

Prototype Pollution

CVSS 5.6 MEDIUMEPSS 0.6%

This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Affected products

n/a · @firebase/util

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/firebase/firebase-js-sdk/commit/9cf727fcc3d049551b16ae0698ac33dc2fe45ada https://github.com/firebase/firebase-js-sdk/pull/4001 https://snyk.io/vuln/SNYK-JS-FIREBASEUTIL-1038324