5.6

CVE-2020-7765

Exploit

Prototype Pollution

This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleFirebase/util SwPlatformnode.js Version < 0.3.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.56% 0.423
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
report@snyk.io 5.6 2.2 3.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://github.com/firebase/firebase-js-sdk/commit/9cf727fcc3d049551b16ae0698ac33dc2fe45ada
Patch
Third Party Advisory
https://github.com/firebase/firebase-js-sdk/pull/4001
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-FIREBASEUTIL-1038324
Third Party Advisory
Exploit