1. Firebase Sync Vulnerability: Cloud Payload Trusted Without Runtime Validation, Risking App Crashes & Data Corruption
A critical security flaw in the application's Firebase synchronization service allows unvalidated external data to be directly cast and trusted, creating a direct path for app crashes and data corruption. The vulnerability resides in the `pullFromFirebase()` and `subscribeToFirebase()` functions within `src/services/fi...