CVE-2020-7765
Uncontrolled Resource Consumption in firebase
5.3
MEDIUM
CVSS 3.1
EPSS 0.17%
Description
This affects the package @firebase/util before 0.3.4. The vulnerability is in the deepExtend function in the DeepCopy.ts file. If user input is passed to this function, an attacker can overwrite and pollute the object prototype of a program.
How to fix CVE-2020-7765
To remediate CVE-2020-7765, upgrade the affected package to the fixed version listed below.
- Upgrade to 0.3.4 or later
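For recursive merge helpers in your own code that follow the same pattern as deepExtend, the check below is an added example; it is not code from @firebase/util or from this advisory. All function names, the blocked-key list and the probe payload are assumptions constructed for illustration. It runs a merge function on a constructed input and reports whether a fresh object picks up a property it never received, with an unguarded merge shown beside a guarded one.

```javascript
'use strict';
// Added example: hypothetical helpers, not the @firebase/util source.

// Keys that reach the prototype chain rather than plain data.
// Assumption: dropping them is acceptable for the data being merged.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

const isPlainObject = (v) =>
  v !== null && typeof v === 'object' && !Array.isArray(v);

// Unguarded recursive merge: the general pattern behind this class of bug.
function naiveDeepExtend(target, source) {
  for (const key in source) {
    if (isPlainObject(source[key])) {
      if (!isPlainObject(target[key])) target[key] = {};
      naiveDeepExtend(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Guarded merge: own keys only, blocked keys skipped, and recursion only
// into objects that target itself owns (never inherited ones).
function safeDeepExtend(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || !isPlainObject(target[key])) target[key] = {};
      safeDeepExtend(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Regression check: true if mergeFn lets parsed JSON alter Object.prototype.
// The probe name and payload are constructed; the probe is always removed.
function pollutesPrototype(mergeFn) {
  const probe = 'pp_probe_constructed';
  const payload = JSON.parse(`{"__proto__": {"${probe}": true}, "a": {"b": 1}}`);
  try {
    mergeFn({}, payload);
    return ({})[probe] === true;
  } finally {
    delete Object.prototype[probe];
  }
}
```

Calling pollutesPrototype with any merge function used on untrusted input makes a small unit test; it should return false before and after dependency upgrades.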
Is CVE-2020-7765 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 0.3.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |