Medium severity4.0NVD Advisory· Published Dec 4, 2023· Updated May 7, 2026
CVE-2023-6460
CVE-2023-6460
Description
A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@google-cloud/firestorenpm | < 6.1.0 | 6.1.0 |
Affected products
3- Google/nodejs-firestorev5Range: 0
Patches
Vulnerability mechanics
References
5- github.com/googleapis/nodejs-firestore/pull/1742nvdIssue TrackingPatchWEB
- github.com/advisories/GHSA-4g6q-77j7-vvjcghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-6460ghsaADVISORY
- bughunters.google.com/reports/vrp/KNvgo1WijnvdWEB
- github.com/googleapis/nodejs-firestore/releases/tag/v6.1.0ghsaWEB
News mentions
0No linked articles in our index yet.