CVE-2021-23566
4.0 MEDIUM
Published: 1/14/2022
Updated: 11/3/2025
Description
The nanoid package, from version 3.0.0 and before 3.1.31, is vulnerable to Information Exposure via the valueOf() function, which allows the last generated id to be reproduced.
Affected Products
nanoid_project nanoid
References
- https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444 (Exploit, Third Party Advisory)
- https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575 (Patch, Third Party Advisory)
- https://github.com/ai/nanoid/pull/328 (Exploit, Issue Tracking, Patch, Third Party Advisory)
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550 (Exploit, Third Party Advisory)
- https://snyk.io/vuln/SNYK-JS-NANOID-2332193 (Exploit, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2024/12/msg00025.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00006.html