← voltar
CVE-2020-7765

Prototype Pollution

CVSS 5.6 MEDIUMEPSS 0.6%
This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Produtos afetados
n/a · @firebase/util

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/firebase/firebase-js-sdk/commit/9cf727fcc3d049551b16ae0698ac33dc2fe45adahttps://github.com/firebase/firebase-js-sdk/pull/4001https://snyk.io/vuln/SNYK-JS-FIREBASEUTIL-1038324