Name of the Vulnerable Software and Affected Versions Personnummer versions prior to 3.0.2 Personnummer versions prior to 3.0.1 Personnummer versions prior to 3.0.3 Personnummer versions prior to 3.0.0 Personnummer versions prior to 3.3.0 Personnummer versions prior to 3.1.0 Personnummer versions prior to 1.1.0 Personnummer versions prior to 3.0.1 Personnummer versions prior to 3.0.2 Personnummer versions prior to 3.0.1 Personnummer versions prior to 3.0.0 Personnummer versions prior to 3.0.2 Personnummer versions prior to 3.0.1 Personnummer versions prior to 3.0.1 Personnummer versions prior to 1.0.1

Description This issue is determined to be low severity and impacts users who rely on the last digits of personnummer to be a real personnummer. The vulnerability arises from the regular expression allowing the first three digits in the last four digits of the personnummer to be 000, which is invalid.

Recommendations Update to version 3.0.2 or later for C#, PHP, and Python. Update to version 3.0.1 or later for D, Go, Lua, Ruby, and Scala. Update to version 3.0.3 or later for Dart. Update to version 3.3.0 or later for Java. Update to version 3.1.0 or later for JavaScript. Update to version 1.1.0 or later for Kotlin. Update to version 3.0.0 or later for Elixir, Perl, and Rust. Update to version 1.0.1 or later for Swift. As a temporary workaround, a check on the last four digits can be made to ensure it's not 000x.