Description
This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.
Recommendation
Update the @firebase/util package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.3.4
- Patched version(s): 0.3.4
References
Related Issues
- Mammoth is vulnerable to Directory Traversal - CVE-2025-11849
- json-logic-js Command Injection vulnerability - CVE-2021-4329
- Bootstrap Cross-site Scripting vulnerability - CVE-2016-10735
- protobufjs Prototype Pollution vulnerability - CVE-2023-36665
- Tags:
- npm
- @firebase/util
Anything's wrong? Let us know Last updated on February 01, 2023