CVE-2024-4128

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-4128
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-4128.json
Aliases
Published
2024-05-02T14:15:10Z
Modified
2024-05-14T12:35:56.740718Z
Summary
[none]
Details

This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed calls to localhost (ie Chrome before v94), the website could exfiltrate emulator data. We recommend upgrading past version 13.6.0 or commit  068a2b08dc308c7ab4b569617f5fc8821237e3a0 https://github.com/firebase/firebase-tools/commit/068a2b08dc308c7ab4b569617f5fc8821237e3a0

References

Affected packages

Git / github.com/firebase/firebase-tools

Affected ranges

Type
GIT
Repo
https://github.com/firebase/firebase-tools
Events
Introduced
0The exact introduced commit is unknown
Fixed
068a2b08dc308c7ab4b569617f5fc8821237e3a0

Affected versions

v1.*

v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.1.4
v1.1.5
v1.1.6
v1.2.0

v10.*

v10.0.0
v10.0.1
v10.1.0
v10.1.1
v10.1.2
v10.1.3
v10.1.4
v10.1.5
v10.2.0
v10.2.1
v10.2.2
v10.3.0
v10.3.1
v10.4.0
v10.4.1
v10.4.2
v10.5.0
v10.6.0
v10.7.0
v10.7.1
v10.7.2
v10.8.0
v10.9.0
v10.9.1
v10.9.2

v11.*

v11.0.0
v11.0.1
v11.1.0
v11.10.0
v11.11.0
v11.12.0
v11.13.0
v11.14.0
v11.14.1
v11.14.2
v11.14.3
v11.14.4
v11.15.0
v11.16.0
v11.16.1
v11.18.0
v11.19.0
v11.2.0
v11.2.1
v11.2.2
v11.20.0
v11.21.0
v11.22.0
v11.23.0
v11.23.1
v11.24.0
v11.24.1
v11.25.0
v11.25.1
v11.25.2
v11.25.3
v11.26.0
v11.27.0
v11.28.0
v11.29.0
v11.29.1
v11.3.0
v11.30.0
v11.4.0
v11.4.1
v11.4.2
v11.5.0
v11.6.0
v11.7.0
v11.8.0
v11.8.1
v11.9.0

v12.*

v12.0.0
v12.0.1
v12.1.0
v12.2.0
v12.2.1
v12.3.0
v12.3.1
v12.4.0
v12.4.1
v12.4.2
v12.4.3
v12.4.4
v12.4.5
v12.4.6
v12.4.7
v12.4.8
v12.5.0
v12.5.1
v12.5.2
v12.5.4
v12.6.0
v12.6.1
v12.6.2
v12.7.0
v12.8.0
v12.8.1
v12.9.0
v12.9.1

v13.*

v13.0.0
v13.0.1
v13.0.2
v13.0.3
v13.1.0
v13.2.0
v13.2.1
v13.3.0
v13.3.1
v13.4.0
v13.4.1
v13.5.0
v13.5.1
v13.5.2
v13.6.0

v2.*

v2.0.0
v2.0.1
v2.0.2
v2.1.0
v2.1.1
v2.2.0
v2.2.1

v3.*

v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.1.0
v3.10.0
v3.10.1
v3.11.0
v3.12.0
v3.13.0
v3.13.1
v3.14.0
v3.15.0
v3.15.1
v3.15.2
v3.15.3
v3.15.4
v3.16.0
v3.17.0
v3.17.1
v3.17.2
v3.17.3
v3.17.4
v3.17.5
v3.17.6
v3.17.7
v3.18.0
v3.18.1
v3.18.2
v3.18.3
v3.18.4
v3.18.5
v3.18.6
v3.19.0
v3.19.1
v3.19.2
v3.19.3
v3.2.0
v3.2.1
v3.2.2
v3.2.3
v3.3.0
v3.4.0
v3.5.0
v3.6.0
v3.6.1
v3.7.0
v3.8.0
v3.9.0
v3.9.1
v3.9.2

v4.*

v4.0.0
v4.0.1
v4.0.2
v4.0.3
v4.1.0
v4.1.1
v4.1.2
v4.2.0
v4.2.1

v5.*

v5.0.0
v5.0.1
v5.1.0
v5.1.1

v6.*

v6.0.0
v6.0.1
v6.1.0
v6.1.1
v6.1.2
v6.10.0
v6.11.0
v6.12.0
v6.2.0
v6.2.1
v6.2.2
v6.3.0
v6.3.1
v6.4.0
v6.5.0
v6.5.1
v6.5.2
v6.5.3
v6.6.0
v6.7.0
v6.7.1
v6.7.2
v6.8.0
v6.9.0
v6.9.1
v6.9.2

v7.*

v7.0.0
v7.0.1
v7.0.2
v7.1.0
v7.1.1
v7.10.0
v7.11.0
v7.12.0
v7.12.1
v7.13.0
v7.13.1
v7.14.0
v7.15.0
v7.15.1
v7.16.0
v7.16.1
v7.16.2
v7.2.0
v7.2.1
v7.2.2
v7.2.3
v7.2.4
v7.3.0
v7.3.1
v7.3.2
v7.4.0
v7.5.0
v7.6.0
v7.6.1
v7.6.2
v7.7.0
v7.8.0
v7.8.1
v7.9.0

v8.*

v8.0.0
v8.0.1
v8.0.2
v8.0.3
v8.1.0
v8.1.1
v8.10.0
v8.11.0
v8.11.1
v8.11.2
v8.12.0
v8.12.1
v8.13.0
v8.13.1
v8.14.0
v8.14.1
v8.15.0
v8.15.1
v8.16.0
v8.16.1
v8.16.2
v8.17.0
v8.18.0
v8.18.1
v8.19.0
v8.2.0
v8.20.0
v8.3.0
v8.4.0
v8.4.1
v8.4.2
v8.4.3
v8.5.0
v8.6.0
v8.7.0
v8.8.0
v8.8.1
v8.9.0
v8.9.1
v8.9.2

v9.*

v9.0.0
v9.0.1
v9.1.0
v9.1.1
v9.1.2
v9.10.0
v9.10.1
v9.10.2
v9.11.0
v9.12.0
v9.12.1
v9.13.0
v9.13.1
v9.14.0
v9.15.0
v9.15.1
v9.16.0
v9.16.1
v9.16.2
v9.16.3
v9.16.4
v9.16.5
v9.16.6
v9.17.0
v9.18.0
v9.19.0
v9.2.0
v9.2.1
v9.2.2
v9.20.0
v9.21.0
v9.22.0
v9.23.0
v9.23.1
v9.23.2
v9.3.0
v9.4.0
v9.5.0
v9.6.0
v9.6.1
v9.7.0
v9.8.0
v9.9.0