This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2020-11-16T12:00:17.953638Z
Updated: 2024-09-17T01:05:55.551Z
Reserved: 2020-01-21T00:00:00
Link: CVE-2020-7765
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-11-16T12:15:14.320
Modified: 2020-12-01T17:28:03.087
Link: CVE-2020-7765
Redhat
No data.