CVE-2023-26115 - Update [email protected] to utilize @google-cloud/[email protected] #2352
keithbriones
started this conversation in
General
Replies: 1 comment 1 reply
-
|
do you have PoC for the cve? |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
@putuoka I have not put together a PoC for the cve, is NIST not trustable? |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hello,
I'm going through security vulnerabilities in my organizations services and one of them is stemming from [email protected].
Issue: Upgrade word-wrap to version 1.2.4 or above
CVE-2023-26115
https://nvd.nist.gov/vuln/detail/CVE-2023-26115
[email protected]
└─┬ @google-cloud/[email protected]
└─┬ [email protected]
└─┬ [email protected]
└─┬ [email protected]
└─┬ [email protected]
└── [email protected]
It looks like @google-cloud/[email protected] already resolves this CVE by upgrading to a newer version of word-wrap.
Do you know when/how soon firebase-admin will be updated to use the updated package?
regards,
Keith Briones
Beta Was this translation helpful? Give feedback.
All reactions