Description
This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.
Remediation
References
https://github.com/firebase/firebase-js-sdk/commit/9cf727fcc3d049551b16ae0698ac33dc2fe45ada
https://snyk.io/vuln/SNYK-JS-FIREBASEUTIL-1038324
https://github.com/firebase/firebase-js-sdk/pull/4001
Related Vulnerabilities
CVE-2022-24197 Vulnerability in maven package com.itextpdf:itext7-core
CVE-2022-23496 Vulnerability in maven package nl.basjes.parse.useragent:yauaa-nifi-parent
CVE-2021-41184 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery-ui
CVE-2018-6356 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2020-7760 Vulnerability in maven package org.webjars.npm:codemirror