Open dhari001 opened 2 years ago
I'm the one who reported the security issue. It's regarding the Firebase access rules.
The following rules allow read & write access to any logged-in user:
{
"rules": {
".read": "auth != null",
".write": "auth != null",
...
}
Reference: https://firebase.google.com/docs/rules/insecure-rules
PS: There is another security-related issue: please run yarn audit
to see dependencies that needs to be updated.
Context : There seems to be a security issue that would allow anyone who signs up to have access to our database and also modify the data.