5.5

CVE-2021-23566

Exploit
The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nanoid ProjectNanoid SwPlatformnode.js Version >= 3.0.0 < 3.1.31
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.03% 0.074
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
report@snyk.io 4 2.5 1.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-704 Incorrect Type Conversion or Cast

The product does not correctly convert an object, resource, or structure from one type to a different type.

https://github.com/ai/nanoid/pull/328
Patch
Third Party Advisory
Exploit
Issue Tracking
https://snyk.io/vuln/SNYK-JS-NANOID-2332193
Third Party Advisory
Exploit