Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-4g6q-77j7-vvjc: Logging of the firestore key within nodejs-firestore

A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue

ghsa
#nodejs#js#git

Logging of the firestore key within nodejs-firestore

Moderate severity GitHub Reviewed Published Dec 4, 2023 to the GitHub Advisory Database • Updated Dec 4, 2023

Related news

CVE-2023-6460: fix: Don't allow serialization of firestore settings by abhishekwebcode · Pull Request #1742 · googleapis/nodejs-firestore

A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue

ghsa: Latest News

GHSA-hqmp-g7ph-x543: TunnelVision - decloaking VPNs using DHCP