Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CSRF in firebase-tools emulator suite
Vulnerability Description
This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed calls to localhost (ie Chrome before v94), the website could exfiltrate emulator data. We recommend upgrading past version 13.6.0 or commit 068a2b08dc308c7ab4b569617f5fc8821237e3a0 https://github.com/firebase/firebase-tools/commit/068a2b08dc308c7ab4b569617f5fc8821237e3a0
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
Firebase CLI 安全漏洞
Vulnerability Description
Firebase CLI是美国Firebase公司的一个命令行工具。 Firebase CLI存在安全漏洞,该漏洞源于允许正在运行模拟器的用户在允许调用本地主机的浏览器上利用该漏洞导航到恶意网站,泄露模拟器数据。
CVSS Information
N/A
Vulnerability Type
N/A