CVE-2021-23566

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions nanoid versions 3.0.0 through 3.1.30

Description The issue allows for Information Exposure via the valueOf() function, enabling the reproduction of the last generated id.

Recommendations For nanoid versions 3.0.0 through 3.1.30, update to version 3.1.31 or later to resolve the issue.

Exploit

Fix

Incorrect Type Conversion or Cast

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

CVE-2021-23566

DLA-4003-1

DLA-4013-1

GHSA-QRPM-P2H7-HRV2

SNYK-JAVA-ORGWEBJARSNPM-2332550

SNYK-JS-NANOID-2332193

Nanoid