CVE-2020-7765 – @firebase/util
Package
Manager: npm
Name: @firebase/util
Vulnerable Version: >=0 <0.3.4
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00169 (percentile 0.38474)
Details
Uncontrolled Resource Consumption in firebase. This affects the package @firebase/util before 0.3.4. The vulnerability is in the deepExtend function in the DeepCopy.ts file. If user-controlled input reaches that function, an attacker can overwrite and pollute the object prototype of a program.
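An added illustration of the bug class described above, not the @firebase/util source: a recursive merge with no key filtering next to one that skips prototype-related keys. The function names, the blocked-key list and the sample payload are assumptions constructed for this example.

```javascript
// Hypothetical recursive merge with no key filtering (not the @firebase/util code).
function naiveDeepExtend(target, source) {
  if (source === null || typeof source !== 'object') return source;
  if (target === null || typeof target !== 'object') target = {};
  for (const key in source) {
    // For key "__proto__", target[key] is Object.prototype, so the
    // recursive call writes the attacker's properties onto it.
    target[key] = naiveDeepExtend(target[key], source[key]);
  }
  return target;
}

const isPlainObject = (v) =>
  v !== null && typeof v === 'object' && !Array.isArray(v);

// Keys that reach a prototype; this list is an assumption of the example.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Hardened variant: own keys only, blocked keys skipped, and the existing
// value is read only when it is an own property of the target.
function safeDeepExtend(target, source) {
  if (!isPlainObject(source)) return source; // primitives and arrays are taken as-is
  if (!isPlainObject(target)) target = {};
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const current = Object.prototype.hasOwnProperty.call(target, key)
      ? target[key]
      : undefined;
    target[key] = safeDeepExtend(current, source[key]);
  }
  return target;
}

// Constructed sample input: JSON.parse creates "__proto__" as an own property.
const SAMPLE =
  '{"settings":{"theme":"dark"},"__proto__":{"polluted":true}}';

function demo() {
  naiveDeepExtend({}, JSON.parse(SAMPLE));
  const naivePolluted = ({}).polluted === true; // every object now inherits it
  delete Object.prototype.polluted;             // undo before the second run

  const merged = safeDeepExtend({ settings: { lang: 'en' } }, JSON.parse(SAMPLE));
  const safePolluted = ({}).polluted === true;
  return { naivePolluted, safePolluted, merged };
}

console.log(demo());
```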
Metadata
Created: 2021-05-18T01:57:24Z
Modified: 2021-04-15T21:39:07Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-fpm5-vv97-jfwg/GHSA-fpm5-vv97-jfwg.json
CWE IDs: ["CWE-400"]
Alternative ID: GHSA-fpm5-vv97-jfwg
Finding: F067
Auto approve: 1