CVE-2021-23566

Exploit

EPSS 0.44%
Veröffentlicht 14.01.2022 20:15:10
Zuletzt bearbeitet 03.11.2025 22:15:47
Quelle report@snyk.io
CVE-Watchlists
Login
Unerledigt
Login

Information Exposure

The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 10

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nanoid Project ≫ Nanoid SwPlatformnode.js Version >= 3.0.0 < 3.1.31

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.44%	0.35

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N
report@snyk.io	4	2.5	1.4	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-704 Incorrect Type Conversion or Cast

The product does not correctly convert an object, resource, or structure from one type to a different type.

https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444

Third Party Advisory

Exploit

https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575

Patch

Third Party Advisory

https://github.com/ai/nanoid/pull/328

Patch

Third Party Advisory

Exploit

Issue Tracking

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550

Third Party Advisory

Exploit

https://snyk.io/vuln/SNYK-JS-NANOID-2332193

Third Party Advisory

Exploit

https://lists.debian.org/debian-lts-announce/2024/12/msg00025.html

https://lists.debian.org/debian-lts-announce/2025/01/msg00006.html

https://nvd.nist.gov/vuln/detail/CVE-2021-23566

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-23566

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-23566

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-23566