Skip to content

@andrei-tatar/nora-firebase-common Prototype Pollution vulnerability

High severity GitHub Reviewed Published Apr 18, 2024 to the GitHub Advisory Database • Updated Apr 18, 2024

Package

npm @andrei-tatar/nora-firebase-common (npm)

Affected versions

>= 1.0.41, < 1.12.3

Patched versions

1.12.3

Description

An issue inandrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter of the updateStateInternal method.

References

Published by the National Vulnerability Database Apr 18, 2024
Published to the GitHub Advisory Database Apr 18, 2024
Reviewed Apr 18, 2024
Last updated Apr 18, 2024

Severity

High

EPSS score

0.043%
(10th percentile)

Weaknesses

CVE ID

CVE-2024-30564

GHSA ID

GHSA-jjff-q3q4-5hh8

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.