9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
37.6%
nano-id is a unique string ID generator for Rust. Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the nano_id::base62
and nano_id::base58
functions. Specifically, the base62
function used a character set of 32 symbols instead of the intended 62 symbols, and the base58
function used a character set of 16 symbols instead of the intended 58 symbols. Additionally, the nano_id::gen
macro is also affected when a custom character set that is not a power of 2 in size is specified. It should be noted that nano_id::base64
is not affected by this vulnerability. This can result in a significant reduction in entropy, making the generated IDs predictable and vulnerable to brute-force attacks when the IDs are used in security-sensitive contexts such as session tokens or unique identifiers. The vulnerability is fixed in 0.4.0.
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
37.6%