Description
This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.
Recommendation
Update the @firebase/util package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.3.4
- Patched version(s): 0.3.4
References
Related Issues
- Uncontrolled resource consumption in jpeg-js - CVE-2020-8175
- Uncontrolled Resource Consumption in node-opcua - CVE-2022-21208
- Uncontrolled Resource Consumption in markdown-it - CVE-2022-21670
- graphql Uncontrolled Resource Consumption vulnerability - CVE-2023-26144
- Tags:
- npm
- @firebase/util
Anything's wrong? Let us know Last updated on February 01, 2023