GO-2024-2808 CSRF in firebase-tools emulator suite in github.com/firebase/firebase-tools

CSRF in firebase-tools emulator suite in github.com/firebase/firebase-tools...

@arunava-innofied/fire (=17.0.2), @backupfire/firebase (>=1.3.0 <=1.9.1) +55 more potentially affected by CVE-2024-4128 via firebase-tools (>=10.1.2 <=13.35.1)

firebase-tools NPM version =10.1.2, =1.3.0, =0.1.0, =0.1.1, =1.2.4, =1.16.0, =1.2.17, =0.4.0, =0.9.14, =1.0.0, =2.2.0, =6.0.10 and more Source cves: CVE-2024-4128 Source advisory: OSV:GHSA-RCM2-22F3-PQV3...

PT-2024-29345 · Firebase · Firebase-Tools

Name of the Vulnerable Software and Affected Versions: firebase-tools versions prior to 13.6.0 Description: This issue is related to a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint used to export data from running emulators. If a user is running the...

@askelephant/firebase-tools (>=15.4.0 <=15.5.1), @erosolarcoder/erosolar-coder (>=1.0.87 <=1.0.93) +33 more potentially affected by unknown CVE via superstatic (>=0.4.11 <=5.0.1)

superstatic NPM version =0.4.11, =15.4.0, =1.0.87, =2.0.0, =0.3.0, =1.0.0-alpha.0, =0.1.1, =0.1.3, =1.0.0, =0.0.1, =2.0.0, =2.4.0 - @uniqueminds/firebase-tools =14.27.0 - @xanderia/xata =0.2.0 - angular-cli-firebase-hosting =0.1.0 - artificialintelligenceiseven =2.0.0 - claude-project =5.2.0 and...