firebase-tools@7.6.2 vulnerabilities

Command-Line Interface for Firebase

Direct Vulnerabilities

Known vulnerabilities in the firebase-tools package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • L
Cross-Site Request Forgery (CSRF)

firebase-tools is a Command-Line Interface for Firebase

Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF) via the export endpoint. An attacker can issue calls against localhost on the affected application by convincing a user to visit a malicious page using the emulator, and extract information from the application.

How to fix Cross-Site Request Forgery (CSRF)?

Upgrade firebase-tools to version 13.6.1 or higher.

<13.6.1