Description
The nanoid package, from version 3.0.0 up to but not including 3.1.31, is vulnerable to Information Exposure via the valueOf() function, which allows the last generated id to be reproduced.
A flaw was found in the nanoid library where the valueOf() function allows the reproduction of the last id generated. This flaw allows an attacker to expose sensitive information.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-ui-rhel8 | Fix deferred | ||
| OpenShift Developer Tools and Services | odo | Not affected | ||
| Red Hat Ansible Automation Platform 2 | automation-controller | Affected | ||
| Red Hat Data Grid 8 | org.infinispan-infinispan-console | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 7 | io.smallrye-smallrye-open-api-parent | Not affected | ||
| Red Hat JBoss Enterprise Application Platform Expansion Pack | io.smallrye-smallrye-open-api-parent | Not affected | ||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-console | Not affected | ||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-prometheus | Will not fix | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | acm-grafana-container | Fixed | RHSA-2022:1476 | 21.04.2022 |
| Red Hat Advanced Cluster Management for Kubernetes 2 | acm-must-gather-container | Fixed | RHSA-2022:1476 | 21.04.2022 |
Additional information
Status:
5.5 Medium
CVSS3
Related vulnerabilities
The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Info ...
Exposure of Sensitive Information to an Unauthorized Actor in nanoid
5.5 Medium
CVSS3