CVE-2021-23566 - Incorrect Type Conversion or Cast vulnerability in Nanoid Project Nanoid
- Attack vector: LOCAL
- Attack complexity: LOW
- Privileges required: LOW
- Confidentiality impact: HIGH
- Integrity impact: NONE
- Availability impact: NONE

Summary
The package nanoid from 3.0.0 and before 3.1.31 is vulnerable to Information Exposure via the valueOf() function, which allows the last id generated to be reproduced.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444
- https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575
- https://github.com/ai/nanoid/pull/328
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550
- https://snyk.io/vuln/SNYK-JS-NANOID-2332193