firepad@1.5.0 vulnerabilities

Collaborative text editing powered by Firebase

latest version

1.5.11

first published

10 years ago

latest version published

4 years ago

licenses detected

MIT
>=0

View firepad package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the firepad package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Information Exposure firepad is a Collaborative text editing powered by Firebase Affected versions of this package are vulnerable to Information Exposure through the document access feature. An attacker can retrieve both the current text and all historical content of a document by knowing the pad ID. Notes: This is only exploitable if the attacker has knowledge of the pad ID. This vulnerability only affects products that are no longer supported by the maintainer. How to fix Information Exposure? There is no fixed version for `firepad`.	*

Information Exposure

firepad is a Collaborative text editing powered by Firebase

Affected versions of this package are vulnerable to Information Exposure through the document access feature. An attacker can retrieve both the current text and all historical content of a document by knowing the pad ID.

Notes:

This is only exploitable if the attacker has knowledge of the pad ID.
This vulnerability only affects products that are no longer supported by the maintainer.

How to fix Information Exposure?

There is no fixed version for firepad.

Go back to all versions of this package