Lucene search
SnykCVELIST:CVE-2021-23566HistoryJan 14, 2022 - 8:05 p.m.
CVE-2021-23566 Information Exposure
2022-01-1420:05:21
snyk
www.cve.org
8
information exposure
package nanoid
vulnerable version
CVSS3
4
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P
AI Score
6
Confidence
High
EPSS
0.001
Percentile
29.4%
The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.
CNA Affected
[
{
"product": "nanoid",
"vendor": "n/a",
"versions": [
{
"lessThan": "3.1.31",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
cnvd
cnvd
nanoid information leakage vulnerability
2022-01-18 00:00:00
ibm
ibm
Security Bulletin: Nanoid as used by IBM QRadar Use Case Manager App is vulnerable to information disclosure (CVE-2021-23566)
2022-06-16 18:23:28
redhatcve
redhatcve
CVE-2021-23566
2022-02-04 19:54:18
osv
osv
Exposure of Sensitive Information to an Unauthorized Actor in nanoid
2022-01-21 23:57:06
CVE-2021-23566
2022-01-14 20:15:10
ubuntucve
ubuntucve
CVE-2021-23566
2022-01-14 00:00:00
prion
prion
Information disclosure
2022-01-14 20:15:00
github
github
Exposure of Sensitive Information to an Unauthorized Actor in nanoid
2022-01-21 23:57:06
veracode
veracode
Information Disclosure
2022-01-17 11:03:13
nvd
nvd
CVE-2021-23566
2022-01-14 20:15:10
cve
cve
CVE-2021-23566
2022-01-14 20:15:10
CVSS3
4
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P
AI Score
6
Confidence
High
EPSS
0.001
Percentile
29.4%
Related for CVELIST:CVE-2021-23566