Vigil@nce - Node.js firebase/util: overload via deepExtend, analyzed on 25/05/2021
The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
Synthesis of the vulnerability
An attacker can trigger an overload via deepExtend() of Node.js firebase/util, in order to trigger a denial of service.Impacted products: Nodejs Modules ~ not comprehensive.
Severity of this bulletin: 2/4.
Creation date: 25/05/2021.
Références of this threat: CVE-2020-7765, GHSA-fpm5-vv97-jfwg, NPM-1717, VIGILANCE-VUL-35517.
Description of the vulnerability
An attacker can trigger an overload via deepExtend() of Node.js firebase/util, in order to trigger a denial of service.Full bulletin, software filtering, emails, fixes, ... (Request your free trial)This threat note impacts software or systems such as Nodejs Modules ~ not comprehensive.
Our Vigil@nce team determined that the severity of this cybersecurity note is medium.
The trust level is of type confirmed by the editor, with an origin of document.
An attacker with a expert ability can exploit this vulnerability note.
Solutions for this threat
Node.js firebase/util: version 0.3.4.
The version 0.3.4 is fixed:
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)
Computer vulnerabilities tracking service
Vigil@nce provides systems vulnerabilities patches. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.