VulnerableCode Package Details - pkg:npm/firebase@8.9.1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/firebase@8.9.1

Essentials
History (1)

purl	pkg:npm/firebase@8.9.1

Next non-vulnerable version	10.9.0
Latest non-vulnerable version	10.9.0
Risk	3.1

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-8yet-b9js-d3bz Aliases: CVE-2024-11023 GHSA-3wf4-68gx-mph8	Firebase JavaScript SDK utilizes a "FIREBASE_DEFAULTS" cookie to store configuration data, including an "_authTokenSyncURL" field used for session synchronization. If this cookie field is preset via an attacker by any other method, the attacker can manipulate the "_authTokenSyncURL" to point to their own server and it would allow an actor to capture user session data transmitted by the SDK. We recommend upgrading Firebase JS SDK at least to 10.9.0.	10.9.0 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T19:47:06.666779+00:00	GitLab Importer	Affected by	VCID-8yet-b9js-d3bz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/firebase/CVE-2024-11023.yml	38.6.0