You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
"details": "An issue inandrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter of the updateStateInternal method.",
"details": "A prototype pollution vulnerability exists in `@andrei-tatar/nora-firebase-common` between versions 1.0.41 and 1.12.2. A remote attacker can send a crafted payload that manipulates the `__proto__` property of JavaScript objects, injecting arbitrary properties onto `Object.prototype`. This affects all objects in the runtime and can lead to privilege escalation, remote code execution, or application logic bypass depending on how prototype properties are consumed downstream.\n\nThe vulnerability stems from insufficient key sanitization when merging or processing untrusted input objects. Version 1.12.3 addresses the issue.",
0 commit comments