Vulnerabilities > CVE-2021-23566 - Incorrect Type Conversion or Cast vulnerability in Nanoid Project Nanoid

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
local
low complexity
nanoid-project
CWE-704
NVD
Published: 2022-01-14
Updated: 2022-07-12

Summary

The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.

Vulnerable Configurations

Part Description Count
Application
Nanoid_Project
33

Common Weakness Enumeration (CWE)

References