{"id":"CVE-2024-4128","details":"This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is normally used to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit in a browser that allowed calls to localhost (i.e., Chrome before v94), the website could exfiltrate emulator data. We recommend upgrading past version 13.6.0 or commit 068a2b08dc308c7ab4b569617f5fc8821237e3a0 https://github.com/firebase/firebase-tools/commit/068a2b08dc308c7ab4b569617f5fc8821237e3a0 \n","aliases":["GHSA-rcm2-22f3-pqv3","GO-2024-2808"],"modified":"2026-03-14T12:35:55.855696Z","published":"2024-05-02T14:15:10.753Z","references":[{"type":"FIX","url":"https://github.com/firebase/firebase-tools/commit/068a2b08dc308c7ab4b569617f5fc8821237e3a0"},{"type":"FIX","url":"https://github.com/firebase/firebase-tools/pull/6944"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/firebase/firebase-tools","events":[{"introduced":"0"},{"fixed":"f6b7d059ce692adf03a42dcc674659aac2e4bdf2"},{"fixed":"068a2b08dc308c7ab4b569617f5fc8821237e3a0"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"13.6.0"}]}}],"versions":["v1.0.0","v1.0.1","v1.0.2","v1.0.3","v1.0.4","v1.0.5","v1.0.6","v1.1.0","v1.1.1","v1.1.2","v1.1.3","v1.1.4","v1.1.5","v1.1.6","v1.2.0","v10.0.0","v10.0.1","v10.1.0","v10.1.1","v10.1.2","v10.1.3","v10.1.4","v10.1.5","v10.2.0","v10.2.1","v10.2.2","v10.3.0","v10.3.1","v10.4.0","v10.4.1","v10.4.2","v10.5.0","v10.6.0","v10.7.0","v10.7.1","v10.7.2","v10.8.0","v10.9.0","v10.9.1","v10.9.2","v11.0.0","v11.0.1","v11.1.0","v11.10.0","v11.11.0","v11.12.0","v11.13.0","v11.14.0","v11.14.1","v11.14.2","v11.14.3","v11.14.4","v11.15.0","v11.16.0","v11.16.1","v11.18.0","v11.19.0","v11.2.0","v11.2.1","v11.2.2","v11.20.0","v11.21.0","v11.22.0","v11.23.0","v11.23.1","v11.24.0","v11.24.1","v11.25.0","v11.25.1","v11.25.2","v11.25.3","v11.26.0","v11.27.0","v11.28.
0","v11.29.0","v11.29.1","v11.3.0","v11.30.0","v11.4.0","v11.4.1","v11.4.2","v11.5.0","v11.6.0","v11.7.0","v11.8.0","v11.8.1","v11.9.0","v12.0.0","v12.0.1","v12.1.0","v12.2.0","v12.2.1","v12.3.0","v12.3.1","v12.4.0","v12.4.1","v12.4.2","v12.4.3","v12.4.4","v12.4.5","v12.4.6","v12.4.7","v12.4.8","v12.5.0","v12.5.1","v12.5.2","v12.5.4","v12.6.0","v12.6.1","v12.6.2","v12.7.0","v12.8.0","v12.8.1","v12.9.0","v12.9.1","v13.0.0","v13.0.1","v13.0.2","v13.0.3","v13.1.0","v13.2.0","v13.2.1","v13.3.0","v13.3.1","v13.4.0","v13.4.1","v13.5.0","v13.5.1","v13.5.2","v2.0.0","v2.0.1","v2.0.2","v2.1.0","v2.1.1","v2.2.0","v2.2.1","v3.0.0","v3.0.1","v3.0.2","v3.0.3","v3.0.4","v3.0.5","v3.0.6","v3.0.7","v3.0.8","v3.1.0","v3.10.0","v3.10.1","v3.11.0","v3.12.0","v3.13.0","v3.13.1","v3.14.0","v3.15.0","v3.15.1","v3.15.2","v3.15.3","v3.15.4","v3.16.0","v3.17.0","v3.17.1","v3.17.2","v3.17.3","v3.17.4","v3.17.5","v3.17.6","v3.17.7","v3.18.0","v3.18.1","v3.18.2","v3.18.3","v3.18.4","v3.18.5","v3.18.6","v3.19.0","v3.19.1","v3.19.2","v3.19.3","v3.2.0","v3.2.1","v3.2.2","v3.2.3","v3.3.0","v3.4.0","v3.5.0","v3.6.0","v3.6.1","v3.7.0","v3.8.0","v3.9.0","v3.9.1","v3.9.2","v4.0.0","v4.0.1","v4.0.2","v4.0.3","v4.1.0","v4.1.1","v4.1.2","v4.2.0","v4.2.1","v5.0.0","v5.0.1","v5.1.0","v5.1.1","v6.0.0","v6.0.1","v6.1.0","v6.1.1","v6.1.2","v6.10.0","v6.11.0","v6.12.0","v6.2.0","v6.2.1","v6.2.2","v6.3.0","v6.3.1","v6.4.0","v6.5.0","v6.5.1","v6.5.2","v6.5.3","v6.6.0","v6.7.0","v6.7.1","v6.7.2","v6.8.0","v6.9.0","v6.9.1","v6.9.2","v7.0.0","v7.0.1","v7.0.2","v7.1.0","v7.1.1","v7.10.0","v7.11.0","v7.12.0","v7.12.1","v7.13.0","v7.13.1","v7.14.0","v7.15.0","v7.15.1","v7.16.0","v7.16.1","v7.16.2","v7.2.0","v7.2.1","v7.2.2","v7.2.3","v7.2.4","v7.3.0","v7.3.1","v7.3.2","v7.4.0","v7.5.0","v7.6.0","v7.6.1","v7.6.2","v7.7.0","v7.8.0","v7.8.1","v7.9.0","v8.0.0","v8.0.1","v8.0.2","v8.0.3","v8.1.0","v8.1.1","v8.10.0","v8.11.0","v8.11.1","v8.11.2","v8.12.0","v8.12.1","v8.13.0","v8.13.1","v8.14.0","v8.14.1","v8.15.0","v8.15.1"
,"v8.16.0","v8.16.1","v8.16.2","v8.17.0","v8.18.0","v8.18.1","v8.19.0","v8.2.0","v8.20.0","v8.3.0","v8.4.0","v8.4.1","v8.4.2","v8.4.3","v8.5.0","v8.6.0","v8.7.0","v8.8.0","v8.8.1","v8.9.0","v8.9.1","v8.9.2","v9.0.0","v9.0.1","v9.1.0","v9.1.1","v9.1.2","v9.10.0","v9.10.1","v9.10.2","v9.11.0","v9.12.0","v9.12.1","v9.13.0","v9.13.1","v9.14.0","v9.15.0","v9.15.1","v9.16.0","v9.16.1","v9.16.2","v9.16.3","v9.16.4","v9.16.5","v9.16.6","v9.17.0","v9.18.0","v9.19.0","v9.2.0","v9.2.1","v9.2.2","v9.20.0","v9.21.0","v9.22.0","v9.23.0","v9.23.1","v9.23.2","v9.3.0","v9.4.0","v9.5.0","v9.6.0","v9.6.1","v9.7.0","v9.8.0","v9.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-4128.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}]}