Описание
The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.
Ссылки
- ExploitThird Party Advisory
- PatchThird Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- PatchThird Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 3.0.0 (включая) до 3.1.31 (исключая)
cpe:2.3:a:nanoid_project:nanoid:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 6%
0.00025
Низкий
4 Medium
CVSS3
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-704
Связанные уязвимости
CVSS3: 4
ubuntu
около 4 лет назад
The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.
CVSS3: 5.5
redhat
около 4 лет назад
The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.
CVSS3: 4
debian
около 4 лет назад
The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Info ...
CVSS3: 5.5
github
около 4 лет назад
Exposure of Sensitive Information to an Unauthorized Actor in nanoid
EPSS
Процентиль: 6%
0.00025
Низкий
4 Medium
CVSS3
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-704