firebase-tools@12.9.1 vulnerabilities

Command-Line Interface for Firebase

latest version

13.8.0
latest non vulnerable version

13.8.0
first published

10 years ago
latest version published

5 days ago
licenses detected
- MIT
  >=0
View firebase-tools package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the firebase-tools package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
L Cross-Site Request Forgery (CSRF) firebase-tools is a Command-Line Interface for Firebase Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF) via the `export` endpoint. An attacker can issue calls against `localhost` on the affected application by convincing a user to visit a malicious page using the emulator, and extract information from the application. How to fix Cross-Site Request Forgery (CSRF)? Upgrade `firebase-tools` to version 13.6.1 or higher.	<13.6.1

Cross-Site Request Forgery (CSRF)

firebase-tools is a Command-Line Interface for Firebase

Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF) via the export endpoint. An attacker can issue calls against localhost on the affected application by convincing a user to visit a malicious page using the emulator, and extract information from the application.

How to fix Cross-Site Request Forgery (CSRF)?

Upgrade firebase-tools to version 13.6.1 or higher.

<13.6.1

Go back to all versions of this package

firebase-tools@12.9.1 vulnerabilities

Command-Line Interface for Firebase

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities