MidnightBSD

Advisories for nanoid_project

CVE-2021-23566 LOW

The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
report@snyk.io 4.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 2.5 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-704,

Products Affected

Vendor Product Version
nanoid_project nanoid *