CVE-2021-23566
4.0 MEDIUM
Published: 1/14/2022
Updated: 11/3/2025
Description
The package nanoid from 3.0.0 and before 3.1.31 is vulnerable to Information Exposure via the valueOf() function, which allows reproducing the last id generated.
Affected Products
nanoid_project nanoid
References
- https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444 (Exploit, Third Party Advisory)
- https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575 (Patch, Third Party Advisory)
- https://github.com/ai/nanoid/pull/328 (Exploit, Issue Tracking, Patch, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2024/12/msg00025.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00006.html
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550 (Exploit, Third Party Advisory)
- https://snyk.io/vuln/SNYK-JS-NANOID-2332193 (Exploit, Third Party Advisory)