CVE-2021-23566
4.0MEDIUMThe package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.
게시됨: 1/14/2022업데이트됨: 11/3/2025
설명
The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.
AI 분석AI 기반
영향받는 제품
nanoid_projectnanoid
참조
- https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444ExploitThird Party Advisory
- https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575PatchThird Party Advisory
- https://github.com/ai/nanoid/pull/328ExploitIssue TrackingPatchThird Party Advisory
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550ExploitThird Party Advisory
- https://snyk.io/vuln/SNYK-JS-NANOID-2332193ExploitThird Party Advisory
- https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444ExploitThird Party Advisory
- https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575PatchThird Party Advisory
- https://github.com/ai/nanoid/pull/328ExploitIssue TrackingPatchThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2024/12/msg00025.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00006.html
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550ExploitThird Party Advisory
- https://snyk.io/vuln/SNYK-JS-NANOID-2332193ExploitThird Party Advisory