Impact
What kind of vulnerability is it? Who is impacted?
SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s infrastructure. When malicious app is uploaded to Static analyzer, it is possible to make internal requests.
Credits: Oleg Surnin (Positive Technologies).
Patches
Has the problem been patched? What versions should users upgrade to?
v3.9.8 and above
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
Code level patch
References
Are there any links users can visit to find out more?
#2373
Impact
What kind of vulnerability is it? Who is impacted?
SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s infrastructure. When malicious app is uploaded to Static analyzer, it is possible to make internal requests.
Credits: Oleg Surnin (Positive Technologies).
Patches
Has the problem been patched? What versions should users upgrade to?
v3.9.8 and above
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
Code level patch
References
Are there any links users can visit to find out more?
#2373