CVE-2020-7765

Опубликовано: 16 нояб. 2020

Источник: nvd

CVSS3: 5.6

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.

Ссылки

https://github.com/firebase/firebase-js-sdk/commit/9cf727fcc3d049551b16ae0698ac33dc2fe45ada
Patch
Third Party Advisory
https://github.com/firebase/firebase-js-sdk/pull/4001
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-FIREBASEUTIL-1038324
Exploit
Third Party Advisory
https://github.com/firebase/firebase-js-sdk/commit/9cf727fcc3d049551b16ae0698ac33dc2fe45ada
Patch
Third Party Advisory
https://github.com/firebase/firebase-js-sdk/pull/4001
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-FIREBASEUTIL-1038324
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:google:firebase\/util:*:*:*:*:*:node.js:*:*

Версия до 0.3.4 (исключая)

EPSS

Процентиль: 38%

0.00169

Низкий

5.6 Medium

CVSS3

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-fpm5-vv97-jfwg

CVSS3: 5.3

github

больше 4 лет назад

Uncontrolled Resource Consumption in firebase

EPSS

Процентиль: 38%

0.00169

Низкий

5.6 Medium

CVSS3

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo