@google-cloud/firestore@4.15.1 vulnerabilities

Firestore Client Library for Node.js

Direct Vulnerabilities

Known vulnerabilities in the @google-cloud/firestore package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Insecure Storage of Sensitive Information

@google-cloud/firestore is a Firestore Client Library for Node.js

Affected versions of this package are vulnerable to Insecure Storage of Sensitive Information. An attacker with logs read access can potentially read sensitive information exposed by developers that log objects through this._settings, which could inadvertently log the firestore key.

How to fix Insecure Storage of Sensitive Information?

Upgrade @google-cloud/firestore to version 6.2.0 or higher.

<6.2.0