CVE-2024-55565

Опубликовано: 09 дек. 2024

Источник: redhat

CVSS3: 6.5

EPSS Низкий

Описание

nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.

Затронутые пакеты

Платформа	Пакет	Состояние
Cryostat 3	io.cryostat-cryostat3	Fix deferred
Migration Toolkit for Applications 7	mta/mta-cli-rhel9	Fix deferred
Migration Toolkit for Applications 7	mta/mta-ui-rhel9	Fix deferred
Migration Toolkit for Containers	rhmtc/openshift-migration-ui-rhel8	Fix deferred
Migration Toolkit for Virtualization	migration-toolkit-virtualization/mtv-console-plugin-rhel9	Fix deferred
Node HealthCheck Operator	workload-availability/node-remediation-console-rhel8	Will not fix
OpenShift Lightspeed	openshift-lightspeed-tech-preview/lightspeed-console-plugin-rhel9	Affected
OpenShift Pipelines	openshift-pipelines/pipelines-console-plugin-rhel8	Will not fix
OpenShift Pipelines	openshift-pipelines/pipelines-hub-api-rhel8	Will not fix
OpenShift Pipelines	openshift-pipelines/pipelines-hub-db-migration-rhel8	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-835

https://bugzilla.redhat.com/show_bug.cgi?id=2331063nanoid: nanoid mishandles non-integer values

EPSS

Процентиль: 21%

0.00068

Низкий

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2024-55565

CVSS3: 4.3

ubuntu

около 1 года назад

nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.

CVE-2024-55565

CVSS3: 4.3

nvd

около 1 года назад

nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.

CVE-2024-55565

CVSS3: 4.3

debian

около 1 года назад

nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 ...

GHSA-mwcw-c2x4-8c55

CVSS3: 4.3

github

около 1 года назад

Predictable results in nanoid generation when given non-integer values

EPSS

Процентиль: 21%

0.00068

Низкий

6.5 Medium

CVSS3