漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Session Hijacking in Firebase JavaScript SDK
Vulnerability Description
Firebase JavaScript SDK utilizes a "FIREBASE_DEFAULTS" cookie to store configuration data, including an "_authTokenSyncURL" field used for session synchronization. If this cookie field is preset via an attacker by any other method, the attacker can manipulate the "_authTokenSyncURL" to point to their own server and it would allow an actor to capture user session data transmitted by the SDK. We recommend upgrading Firebase JS SDK at least to 10.9.0.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Google Firebase Js Sdk 安全漏洞
Vulnerability Description
Google Firebase Js Sdk是美国谷歌(Google)公司的一个用于连接Firebase后端服务的客户端代码库。 Google Firebase Js Sdk存在安全漏洞,该漏洞源于使用名为FIREBASE_DEFAULTS的cookie来存储配置数据,从而允许攻击者捕获由SDK传输的用户会话数据。
CVSS Information
N/A
Vulnerability Type
N/A