Description
This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.
Recommendation
Update the @firebase/util package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.3.4
- Patched version(s): 0.3.4
References
Related Issues
- Uncontrolled resource consumption in jpeg-js - CVE-2020-8175
- Cattown is Vulnerable to Uncontrolled Resource Consumption through Inefficient Regular Expression Complexity - CVE-2025-58451
- Uncontrolled Resource Consumption in node-opcua - CVE-2022-21208
- Uncontrolled Resource Consumption in markdown-it - CVE-2022-21670
You might also like:
- Tags:
- npm
- @firebase/util
Anything's wrong? Let us know Last updated on February 01, 2023


