PT-2024-23492 · Unknown · Inandrei-Tatar Nora-Firebase-Common
Mestrtee · Published 2024-04-18 · Updated 2024-08-22 · CVE-2024-30564
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
inandrei-tatar nora-firebase-common versions 1.0.41 through 1.12.2
Description
The issue allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter of the updateStateInternal() method. This enables the attacker to cause a state issue.
Recommendations
For versions 1.0.41 through 1.12.2, apply the latest security patch to mitigate the issue. As a temporary workaround, consider restricting access to the updateStateInternal() method until a patch is available. Avoid using the updateState parameter in the affected method until the issue is resolved.
Fix
Prototype Pollution
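A defensive pattern for this class of weakness, added here as an example and not taken from nora-firebase-common or from this advisory: a state-update merger that refuses any key able to reach Object.prototype. The names safeMergeState and safeSetByPath, the dotted-path form and the sample state fields used with them are assumptions.

```javascript
// Added example. All names are hypothetical, not nora-firebase-common's API.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(value) {
  if (value === null || typeof value !== 'object') return false;
  const proto = Object.getPrototypeOf(value);
  return proto === Object.prototype || proto === null;
}

// Merge an untrusted update into a state object. Throws on the first
// forbidden key so the caller can log and reject the request; merge into a
// copy of the state if a rejected update must leave no partial changes.
function safeMergeState(target, update, path = '') {
  if (!isPlainObject(update)) {
    throw new TypeError(`update at "${path || '<root>'}" must be a plain object`);
  }
  for (const key of Object.keys(update)) {
    const here = path ? `${path}.${key}` : key;
    if (FORBIDDEN_KEYS.has(key)) {
      throw new Error(`rejected state update: forbidden key at "${here}"`);
    }
    const value = update[key];
    if (isPlainObject(value)) {
      // Descend only into own, plain-object properties of the target, never
      // into something inherited from the prototype chain.
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || !isPlainObject(target[key])) target[key] = {};
      safeMergeState(target[key], value, here);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Dotted-path variant: build a nested object from the path (a computed key
// creates an own property, even for "__proto__") and reuse the same checks.
function safeSetByPath(target, dottedPath, value) {
  const nested = dottedPath
    .split('.')
    .reduceRight((acc, segment) => ({ [segment]: acc }), value);
  return safeMergeState(target, nested);
}
```

Object.keys() is used deliberately: JSON.parse() stores a "__proto__" member as an own enumerable property, so the check sees it before any assignment happens.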
Weakness Enumeration
Related Identifiers
Affected Products
Inandrei-Tatar Nora-Firebase-Common