Description
Exposure of Sensitive Information to an Unauthorized Actor in nanoid
The nanoid package, from version 3.0.0 and before 3.1.31, is vulnerable to Information Exposure via the valueOf() function, which allows the last generated id to be reproduced.
References
- https://nvd.nist.gov/vuln/detail/CVE-2021-23566
- https://github.com/ai/nanoid/pull/328
- https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575
- https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444
- https://lists.debian.org/debian-lts-announce/2024/12/msg00025.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00006.html
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550
- https://snyk.io/vuln/SNYK-JS-NANOID-2332193
Packages
nanoid: affected versions >= 3.0.0, < 3.1.31; fixed in 3.1.31
Related vulnerabilities
The nanoid package, from version 3.0.0 and before 3.1.31, is vulnerable to Information Exposure via the valueOf() function, which allows the last generated id to be reproduced.