5.6
CVE-2020-7765
- EPSS 0.56%
- Veröffentlicht 16.11.2020 12:15:14
- Zuletzt bearbeitet 21.11.2024 05:37:45
- Quelle report@snyk.io
- CVE-Watchlists
- Unerledigt
Prototype Pollution
This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Google ≫ Firebase/util SwPlatformnode.js Version < 0.3.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.56% | 0.423 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
| report@snyk.io | 5.6 | 2.2 | 3.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
|
https://github.com/firebase/firebase-js-sdk/commit/9cf727fcc3d049551b16ae0698ac33dc2fe45ada
https://github.com/firebase/firebase-js-sdk/pull/4001
https://snyk.io/vuln/SNYK-JS-FIREBASEUTIL-1038324