Lucene search
SnykCVELIST:CVE-2021-23566HistoryJan 14, 2022 - 12:00 a.m.
CVE-2021-23566 Information Exposure
2022-01-1400:00:00
snyk
www.cve.org
4 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P
6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
29.2%
The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.
CNA Affected
[
{
"product": "nanoid",
"vendor": "n/a",
"versions": [
{
"lessThan": "3.1.31",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
osv
osv
Exposure of Sensitive Information to an Unauthorized Actor in nanoid
2022-01-21 23:57:06
CVE-2021-23566
2022-01-14 20:15:10
redhatcve
redhatcve
CVE-2021-23566
2022-02-04 19:54:18
cnvd
cnvd
nanoid information leakage vulnerability
2022-01-18 00:00:00
ibm
ibm
Security Bulletin: Nanoid as used by IBM QRadar Use Case Manager App is vulnerable to information disclosure (CVE-2021-23566)
2022-06-16 18:23:28
prion
prion
Information disclosure
2022-01-14 20:15:00
github
github
Exposure of Sensitive Information to an Unauthorized Actor in nanoid
2022-01-21 23:57:06
ubuntucve
ubuntucve
CVE-2021-23566
2022-01-14 00:00:00
veracode
veracode
Information Disclosure
2022-01-17 11:03:13
cve
cve
CVE-2021-23566
2022-01-14 20:15:10
nvd
nvd
CVE-2021-23566
2022-01-14 20:15:10
4 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P
6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
29.2%
Related for CVELIST:CVE-2021-23566