@google-cloud/firestore/.../firestore@1.1.0 vulnerabilities

Firestore Client Library for Node.js

  • latest version

    7.11.0

  • latest non vulnerable version

  • first published

    7 years ago

  • latest version published

    5 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the @google-cloud/firestore package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Insecure Storage of Sensitive Information

    @google-cloud/firestore is a Firestore Client Library for Node.js

    Affected versions of this package are vulnerable to Insecure Storage of Sensitive Information. An attacker with logs read access can potentially read sensitive information exposed by developers that log objects through this._settings, which could inadvertently log the firestore key.

    How to fix Insecure Storage of Sensitive Information?

    Upgrade @google-cloud/firestore to version 6.2.0 or higher.

    <6.2.0