Description
nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| node-postcss | fixed | 8.4.49+~cs9.2.32-1 | | package |
| node-postcss | fixed | 8.4.20+~cs8.0.23-1+deb12u1 | bookworm | package |
| node-mocha | fixed | 9.1.4+ds1+~cs28.2.8-1 | | package |
Notes
node-postcss bundles nanoid
https://github.com/ai/nanoid/pull/510
https://github.com/ai/nanoid/commit/d643045f40d6dc8afa000a644d857da1436ed08c (3.3.8)
node-mocha/9.1.4+ds1+~cs28.2.8-1 removes the node-nanoid copy
Related vulnerabilities
CVSS3: 4.3
ubuntu
about 1 year ago
nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.
CVSS3: 6.5
redhat
about 1 year ago
nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.
CVSS3: 4.3
nvd
about 1 year ago
nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.
CVSS3: 4.3
github
about 1 year ago
Predictable results in nanoid generation when given non-integer values