Vulnerability Details CVE-2021-23566
The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.0%
CVSS Severity
CVSS v3 Score 4.0
CVSS v2 Score 2.1
References
- https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444
- https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575
- https://github.com/ai/nanoid/pull/328
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550
- https://snyk.io/vuln/SNYK-JS-NANOID-2332193
- https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444
- https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575
- https://github.com/ai/nanoid/pull/328
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550
- https://snyk.io/vuln/SNYK-JS-NANOID-2332193
Products affected by CVE-2021-23566
-
cpe:2.3:a:nanoid_project:nanoid:3.0.0
-
cpe:2.3:a:nanoid_project:nanoid:3.0.1
-
cpe:2.3:a:nanoid_project:nanoid:3.0.2
-
cpe:2.3:a:nanoid_project:nanoid:3.1.0
-
cpe:2.3:a:nanoid_project:nanoid:3.1.1
-
cpe:2.3:a:nanoid_project:nanoid:3.1.10
-
cpe:2.3:a:nanoid_project:nanoid:3.1.11
-
cpe:2.3:a:nanoid_project:nanoid:3.1.12
-
cpe:2.3:a:nanoid_project:nanoid:3.1.13
-
cpe:2.3:a:nanoid_project:nanoid:3.1.14
-
cpe:2.3:a:nanoid_project:nanoid:3.1.15
-
cpe:2.3:a:nanoid_project:nanoid:3.1.16
-
cpe:2.3:a:nanoid_project:nanoid:3.1.17
-
cpe:2.3:a:nanoid_project:nanoid:3.1.18
-
cpe:2.3:a:nanoid_project:nanoid:3.1.19
-
cpe:2.3:a:nanoid_project:nanoid:3.1.2
-
cpe:2.3:a:nanoid_project:nanoid:3.1.20
-
cpe:2.3:a:nanoid_project:nanoid:3.1.21
-
cpe:2.3:a:nanoid_project:nanoid:3.1.22
-
cpe:2.3:a:nanoid_project:nanoid:3.1.23
-
cpe:2.3:a:nanoid_project:nanoid:3.1.24
-
cpe:2.3:a:nanoid_project:nanoid:3.1.25
-
cpe:2.3:a:nanoid_project:nanoid:3.1.26
-
cpe:2.3:a:nanoid_project:nanoid:3.1.27
-
cpe:2.3:a:nanoid_project:nanoid:3.1.28
-
cpe:2.3:a:nanoid_project:nanoid:3.1.29
-
cpe:2.3:a:nanoid_project:nanoid:3.1.30
-
cpe:2.3:a:nanoid_project:nanoid:3.1.4
-
cpe:2.3:a:nanoid_project:nanoid:3.1.5
-
cpe:2.3:a:nanoid_project:nanoid:3.1.6
-
cpe:2.3:a:nanoid_project:nanoid:3.1.7
-
cpe:2.3:a:nanoid_project:nanoid:3.1.8
-
cpe:2.3:a:nanoid_project:nanoid:3.1.9