8 matches found
2bsafe-api (>=1.0.1 <=1.0.2), 3architecture (>=1.0.0 <=1.7.0) +2318 more potentially affected by CVE-2020-7765 via @firebase/util (>=0.1.10-canary.a1020bf <=0.3.4-2020103231751)
@firebase/util NPM version =0.1.10-canary.a1020bf, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =0.1.0, =0.1.1, =1.0.24, =0.65.0, =0.53.0, =0.50.0, =0.0.2, =0.0.1, =1.1.6, =1.3.1 and more Source cves: CVE-2020-7765 Source advisory: OSV:GHSA-FPM5-VV97-JFWG...
GHSA-FPM5-VV97-JFWG Uncontrolled Resource Consumption in firebase
This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program...
Google Firebase Js Sdk prototype contamination vulnerability
Google Firebase Js Sdk is a client-side code base for connecting to the Firebase backend service from Google. firebase/util versions prior to 0.3.4 contain a prototype contamination vulnerability that originates from the deepExtend function in DeepCopy.ts. An attacker could exploit this...
CVE-2020-7765
This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program...
CVE-2020-7765
This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program...
CVE-2020-7765 Prototype Pollution
This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program...
2bsafe-api (>=1.0.1 <=1.0.2), 3architecture (>=1.0.0 <=1.7.0) +2318 more potentially affected by CVE-2020-7765 via @firebase/util (>=0.1.10-canary.a1020bf <=0.3.4-2020103231751)
@firebase/util NPM version =0.1.10-canary.a1020bf, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =0.1.0, =0.1.1, =1.0.24, =0.65.0, =0.53.0, =0.50.0, =0.0.2, =0.0.1, =1.1.6, =1.3.1 and more Source cves: CVE-2020-7765 Source advisory: SNYK:JS-FIREBASEUTIL-1038324...
Prototype Pollution
Overview @firebase/util is a wrapper of some Webchannel Features for the Firebase JS SDK. Affected versions of this package are vulnerable to Prototype Pollution. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker...