CVE-2023-26115 - Update firebase-admin@11.11.0 to utilize @google-cloud/firestore@7.1.0 #2352
keithbriones
started this conversation in
General
Do you have a PoC for the CVE?
Hello,
I'm going through security vulnerabilities in my organization's services and one of them is stemming from firebase-admin@11.11.0.
Issue: Upgrade word-wrap to version 1.2.4 or above
CVE-2023-26115
https://nvd.nist.gov/vuln/detail/CVE-2023-26115
firebase-admin@11.11.0
└─┬ @google-cloud/firestore@6.8.0
  └─┬ google-gax@3.6.1
    └─┬ protobufjs-cli@1.1.1
      └─┬ escodegen@1.14.3
        └─┬ optionator@0.8.3
          └── word-wrap@1.2.3
It looks like @google-cloud/firestore@7.1.0 already resolves this CVE by upgrading to a newer version of word-wrap.
Do you know when/how soon firebase-admin will be updated to use the updated package?
Regards,
Keith Briones
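
Added example, not part of the original post or of the firebase-admin project: one way to confirm which installed copies of word-wrap are below the 1.2.4 fix version named in the post, by scanning the `packages` map of an npm lockfile. The function names and the sample lockfile are constructed for illustration, and the version comparison ignores pre-release tags.

```javascript
// Compare two plain "major.minor.patch" versions; returns <0, 0 or >0.
// Pre-release suffixes are dropped, which is enough for this check.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Scan the "packages" map of a lockfile (lockfileVersion 2 or 3) for every
// installed copy of `name` older than `fixedIn`, and list the packages that
// declare a dependency on `name`.
function findOutdated(lock, name, fixedIn) {
  const suffix = 'node_modules/' + name;
  const hits = [];
  const dependents = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const isCopy = path === suffix || path.endsWith('/' + suffix);
    if (isCopy && meta.version && compareVersions(meta.version, fixedIn) < 0) {
      hits.push({ path, version: meta.version });
    }
    if (meta.dependencies && name in meta.dependencies) {
      dependents.push(path.split('node_modules/').pop() + '@' + meta.version);
    }
  }
  return { hits, dependents };
}

// Constructed lockfile fragment using the versions quoted in the post;
// the dependency range is a sample value, not copied from a real lockfile.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'my-service', version: '1.0.0' },
    'node_modules/firebase-admin': { version: '11.11.0' },
    'node_modules/optionator': {
      version: '0.8.3',
      dependencies: { 'word-wrap': '~1.2.3' },
    },
    'node_modules/word-wrap': { version: '1.2.3' },
  },
};

console.log(JSON.stringify(findOutdated(sampleLock, 'word-wrap', '1.2.4'), null, 2));
```

Against a real project, pass the parsed contents of `package-lock.json` in place of `sampleLock`; nested copies such as `node_modules/optionator/node_modules/word-wrap` are matched as well.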