Vigil@nce - Node.js firebase/util: overload via deepExtend, analyzed on 25/05/2021

The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Synthesis of the vulnerability 

An attacker can trigger an overload via deepExtend() of Node.js firebase/util, in order to trigger a denial of service.

Impacted products: Nodejs Modules ~ not comprehensive.

Severity of this bulletin: 2/4.

Creation date: 25/05/2021.

References of this threat: CVE-2020-7765, GHSA-fpm5-vv97-jfwg, NPM-1717, VIGILANCE-VUL-35517.

Description of the vulnerability 

An attacker can trigger an overload via deepExtend() of Node.js firebase/util, in order to trigger a denial of service.

This threat note impacts software or systems such as Nodejs Modules ~ not comprehensive.

Our Vigil@nce team determined that the severity of this cybersecurity note is medium.

The trust level is "confirmed by the editor", and the origin is "document".

An attacker with an expert ability can exploit this vulnerability note.

Solutions for this threat 

Node.js firebase/util: version 0.3.4.

Version 0.3.4 is fixed:

  https://www.npmjs.com/package/%40firebase%2Futil
