CVE-2020-7765
5.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Summary
This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | @firebase/util | unspecified < 0.3.4 | affected |
Weaknesses
- Prototype Pollution
ADP Enrichment
CVE Program Container
Additional References
- https://snyk.io/vuln/SNYK-JS-FIREBASEUTIL-1038324
- https://github.com/firebase/firebase-js-sdk/commit/9cf727fcc3d049551b16ae0698ac33dc2fe45ada
- https://github.com/firebase/firebase-js-sdk/pull/4001
References
- https://snyk.io/vuln/SNYK-JS-FIREBASEUTIL-1038324
- https://github.com/firebase/firebase-js-sdk/commit/9cf727fcc3d049551b16ae0698ac33dc2fe45ada
- https://github.com/firebase/firebase-js-sdk/pull/4001
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.