Description
The package nanoid from 3.0.0 and before 3.1.31 is vulnerable to Information Exposure via the valueOf() function, which allows reproducing the last id generated.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| node-postcss | fixed | 8.4.5+~cs7.1.51-1 | package | |
| node-mocha | fixed | 9.1.4+ds1+~cs28.2.8-1 | package | |
Notes
https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575 (3.1.31)
https://github.com/ai/nanoid/pull/328
node-mocha/9.1.4+ds1+~cs28.2.8-1 removes the node-nanoid copy
EPSS
Related vulnerabilities
The package nanoid from 3.0.0 and before 3.1.31 is vulnerable to Information Exposure via the valueOf() function, which allows reproducing the last id generated.
Exposure of Sensitive Information to an Unauthorized Actor in nanoid