A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue
References
Link | Resource |
---|---|
https://github.com/googleapis/nodejs-firestore/pull/1742 | Issue Tracking Patch |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Google
Published: 2023-12-04T12:26:29.505Z
Updated: 2024-05-24T08:10:07.290Z
Reserved: 2023-12-01T11:10:57.359Z
Link: CVE-2023-6460
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-12-04T13:15:07.800
Modified: 2023-12-08T14:03:08.493
Link: CVE-2023-6460
JSON object: View
Redhat Information
No data.