漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
CSRF in firebase-tools emulator suite
Vulnerability Description
This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed calls to localhost (ie Chrome before v94), the website could exfiltrate emulator data. We recommend upgrading past version 13.6.0 or commit 068a2b08dc308c7ab4b569617f5fc8821237e3a0 https://github.com/firebase/firebase-tools/commit/068a2b08dc308c7ab4b569617f5fc8821237e3a0
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
Firebase CLI 安全漏洞
Vulnerability Description
Firebase CLI是美国Firebase公司的一个命令行工具。 Firebase CLI存在安全漏洞,该漏洞源于允许正在运行模拟器的用户在允许调用本地主机的浏览器上利用该漏洞导航到恶意网站,泄露模拟器数据。
CVSS Information
N/A
Vulnerability Type
N/A