CVE-2020-7765

Summary

This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.

Affected Software

VendorProductVersion RangeStatus
n/a@firebase/utilunspecified < 0.3.4affected

Weaknesses

  • Prototype Pollution

ADP Enrichment

CVE Program Container

Additional References

References