CVE-2023-26115 - Update [email protected] to utilize @google-cloud/[email protected] #2352
keithbriones
started this conversation in
General
Replies: 1 comment 1 reply
-
|
do you have PoC for the cve? |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
@putuoka I have not put together a PoC for the cve, is NIST not trustable? |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hello,
I'm going through security vulnerabilities in my organizations services and one of them is stemming from [email protected].
Issue: Upgrade word-wrap to version 1.2.4 or above
CVE-2023-26115
https://nvd.nist.gov/vuln/detail/CVE-2023-26115
[email protected]
└─┬ @google-cloud/[email protected]
└─┬ [email protected]
└─┬ [email protected]
└─┬ [email protected]
└─┬ [email protected]
└── [email protected]
It looks like @google-cloud/[email protected] already resolves this CVE by upgrading to a newer version of word-wrap.
Do you know when/how soon firebase-admin will be updated to use the updated package?
regards,
Keith Briones
Beta Was this translation helpful? Give feedback.
All reactions