Information Exposure Affecting firepad package, versions *

Threat Intelligence

Proof of concept

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-JS-FIREPAD-8457136
published5 Dec 2024
disclosed4 Dec 2024
creditAditya Ahuja

Report a new vulnerability Found a mistake?

Introduced: 4 Dec 2024

NewCVE-2024-51210 (opens in a new tab) CWE-200 (opens in a new tab)

How to fix?

There is no fixed version for firepad.

Overview

firepad is a Collaborative text editing powered by Firebase

Affected versions of this package are vulnerable to Information Exposure through the document access feature. An attacker can retrieve both the current text and all historical content of a document by knowing the pad ID.

Notes:

This is only exploitable if the attacker has knowledge of the pad ID.
This vulnerability only affects products that are no longer supported by the maintainer.

References

Medium Blog

CVSS Scores

version 4.0

version 3.1

Attack Vector (AV)
Network
Attack Complexity (AC)
Low
Attack Requirements (AT)
Present
Privileges Required (PR)
None
User Interaction (UI)
None

Confidentiality (VC)
Low
Integrity (VI)
None
Availability (VA)
None

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None