Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
This affects the package @firebase/util before 0.3.3-canary.9cf727fcc. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.
CWE-1321 - Prototype Pollution