CVE-2024-4128

Name of the Vulnerable Software and Affected Versions firebase-tools versions prior to 13.6.0

Description This issue is related to a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint used to export data from running emulators. If a user is running the emulator and navigates to a malicious website with the exploit on a browser that allows calls to localhost, the website could exfiltrate emulator data.

Recommendations For versions prior to 13.6.0, upgrade past version 13.6.0 or apply the commit 068a2b08dc308c7ab4b569617f5fc8821237e3a0 to resolve the issue. As a temporary workaround, consider restricting access to the export endpoint to minimize the risk of exploitation.