CVE-2020-7765: Prototype Pollution

November 16, 2020 (updated December 1, 2020)

This affects the package @firebase/util This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.

References

nvd.nist.gov/vuln/detail/CVE-2020-7765

Detect and mitigate CVE-2020-7765 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →