4 matches found
Security Bulletin: IBM Maximo Application Suite uses firestore-4.15.1.tgz which is vulnerable to CVE-2023-6460
Summary IBM Maximo Application Suite uses firestore-4.15.1.tgz which is vulnerable to CVE-2023-6460. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-6460 DESCRIPTION: Google APIs nodejs-firestore could allow a local authenticate...
@01ht/ht-api-helper-functions (>=1.0.0 <=1.0.2), @1amageek/document-propagator (>=0.1.0 <=0.10.0) +1670 more potentially affected by CVE-2023-6460 via @google-cloud/firestore (>=0.10.2 <=5.0.2)
@google-cloud/firestore NPM version =0.10.2, =1.0.0, =0.1.0, =1.0.0, =0.1.0, =1.0.24, =0.0.1, =0.0.5, =0.0.1, =0.1.17, =1.0.0, =1.0.5, =1.0.6 - @aeyrium/faa-parser =1.0.3 and more Source cves: CVE-2023-6460 Source advisory: OSV:GHSA-4G6Q-77J7-VVJC...
CVE-2023-6460
A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this.settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this...
CVE-2023-6460
CVE-2023-6460 affects Google nodejs-firestore. The issue arises from logging this._settings, which can cause leakage of the Firestore key to log files with read access. Reported across multiple sources, including NVD and OSV, with remediation guidance to upgrade to version 6.1.0 where the issue i...