First published: Mon Dec 04 2023(Updated: )
A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue
Credit: cve-coordination@google.com cve-coordination@google.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Cloud Firestore | <6.1.0 | |
npm/@google-cloud/firestore | <6.1.0 | 6.1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2023-6460.
The severity of CVE-2023-6460 is medium.
The affected software version of CVE-2023-6460 is @google-cloud/firestore version up to 6.1.0.
To fix CVE-2023-6460, it is recommended to upgrade to version 6.1.0 of @google-cloud/firestore.
More information about CVE-2023-6460 can be found at the following references: [GitHub Pull Request](https://github.com/googleapis/nodejs-firestore/pull/1742), [NVD](https://nvd.nist.gov/vuln/detail/CVE-2023-6460), [GitHub Releases](https://github.com/googleapis/nodejs-firestore/releases/tag/v6.1.0).