QID 996174
Date Published: 2023-12-13
QID 996174: NodeJs (Npm) Security Update for @google-cloud/firestore (GHSA-4g6q-77j7-vvjc)
A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Github security advisory GHSA-4g6q-77j7-vvjc for updates and patch information.
Vendor References
- GHSA-4g6q-77j7-vvjc -
github.com/advisories/GHSA-4g6q-77j7-vvjc
CVEs related to QID 996174
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-4g6q-77j7-vvjc | @google-cloud/firestore |
|