5 matches found
2bsafe-api (>=1.0.1 <=1.0.2), 3architecture (>=1.0.0 <=1.7.0) +2318 more potentially affected by CVE-2020-7765 via @firebase/util (>=0.1.10-canary.a1020bf <=0.3.4-2020103231751)
@firebase/util NPM version =0.1.10-canary.a1020bf, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =0.1.0, =0.1.1, =1.0.24, =0.65.0, =0.53.0, =0.50.0, =0.0.2, =0.0.1, =1.1.6, =1.3.1 and more Source cves: CVE-2020-7765 Source advisory: OSV:GHSA-FPM5-VV97-JFWG...
CVE-2020-7765
This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program...
CVE-2020-7765 Prototype Pollution
This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program...
CVE-2020-7765
Summary: The vulnerability affects the package @firebase/util prior to 0.3.4. It stems from the DeepCopy.ts file’s deepExtend function, where unsanitized user input can overwrite and pollute a program’s Object.prototype (prototype pollution). Impact: Contamination of prototypes and potential down...
2bsafe-api (>=1.0.1 <=1.0.2), 3architecture (>=1.0.0 <=1.7.0) +2318 more potentially affected by CVE-2020-7765 via @firebase/util (>=0.1.10-canary.a1020bf <=0.3.4-2020103231751)
@firebase/util NPM version =0.1.10-canary.a1020bf, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =0.1.0, =0.1.1, =1.0.24, =0.65.0, =0.53.0, =0.50.0, =0.0.2, =0.0.1, =1.1.6, =1.3.1 and more Source cves: CVE-2020-7765 Source advisory: SNYK:JS-FIREBASEUTIL-1038324...