GHSA-fpm5-vv97-jfwg

Suggest an improvement
Source
https://github.com/advisories/GHSA-fpm5-vv97-jfwg
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-fpm5-vv97-jfwg/GHSA-fpm5-vv97-jfwg.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-fpm5-vv97-jfwg
Aliases
Published
2021-05-18T01:57:24Z
Modified
2026-03-13T22:11:00.572550Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
Uncontrolled Resource Consumption in firebase
Details

This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.

Database specific 
{
    "github_reviewed_at": "2021-04-15T21:39:07Z",
    "nvd_published_at": "2020-11-16T12:15:00Z",
    "cwe_ids": [
        "CWE-400"
    ],
    "severity": "MODERATE",
    "github_reviewed": true
}
References

Affected packages

npm / @firebase/util

Package

Name
@firebase/util
View open source insights on deps.dev
Purl
pkg:npm/%40firebase/util

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.3.4

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-fpm5-vv97-jfwg/GHSA-fpm5-vv97-jfwg.json"