Description
This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.
Recommendation
Update the @firebase/util package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.3.4
- Patched version(s): 0.3.4
References
Related Issues
- Uncontrolled resource consumption in jpeg-js - CVE-2020-8175
- Uncontrolled Resource Consumption in node-opcua - CVE-2022-21208
- graphql Uncontrolled Resource Consumption vulnerability - CVE-2023-26144
- Uncontrolled Resource Consumption in markdown-it - CVE-2022-21670
- Tags:
- npm
- @firebase/util
Anything's wrong? Let us know Last updated on February 01, 2023