Security
Headlines

Headlines Latest CVEs

Headline

GHSA-4g6q-77j7-vvjc: Logging of the firestore key within nodejs-firestore

A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue

11 months ago

#nodejs #js #git

Logging of the firestore key within nodejs-firestore

Moderate severity GitHub Reviewed Published Dec 4, 2023 to the GitHub Advisory Database • Updated Dec 4, 2023

Related news

CVE-2023-6460: fix: Don't allow serialization of firestore settings by abhishekwebcode · Pull Request #1742 · googleapis/nodejs-firestore

A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue

11 months ago

#web #google #nodejs #js

ghsa: Latest News

GHSA-g85v-wf27-67xc: Harden-Runner has a command injection weaknesses in `setup.ts` and `arc-runner.ts`

12 hours ago

GHSA-8495-4g3g-x7pr: aiohttp allows request smuggling due to incorrect parsing of chunk extensions

15 hours ago

GHSA-27mf-ghqm-j3j8: aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method

15 hours ago

GHSA-jp37-5qhw-mffw: Sharks has a Bias of Polynomial Coefficients in Secret Sharing

16 hours ago

GHSA-vggm-3478-vm5m: Graylog concurrent PDF report rendering can leak other users' reports

16 hours ago