Medium severity4.0NVD Advisory· Published Dec 4, 2023· Updated May 7, 2026

CVE-2023-6460

Description

A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
@google-cloud/firestorenpm	< 6.1.0	6.1.0

Affected products

Google/Cloud Firestore
cpe:2.3:a:google:cloud_firestore:*:*:*:*:*:node.js:*:*
Range: <6.1.0
Google/nodejs-firestorev5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/googleapis/nodejs-firestore/pull/1742nvdIssue TrackingPatchWEB
github.com/advisories/GHSA-4g6q-77j7-vvjcghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2023-6460ghsaADVISORY
bughunters.google.com/reports/vrp/KNvgo1WijnvdWEB
github.com/googleapis/nodejs-firestore/releases/tag/v6.1.0ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000