16 matches found

IBM Security Bulletins
added 2026/01/25 12:4 p.m., 5 views

Security Bulletin: A vulnerability in NanoID affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary: A vulnerability in NanoID affect IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4 and 5. Vulnerability Details: CVEID: CVE-2024-55565. DESCRIPTION: nanoid aka Nano ID before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version. CWE: CWE-835: Loop with Unreachable Exit Condition...

CVSS 4.3, AI score 5.7, EPSS 0.00107
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/08/06 5:47 p.m., 5 views

Security Bulletin: Vulnerabilities in nanoid affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary: Potential vulnerability in nanoid has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2024-55565. DESCRIPTION: nanoid a...

CVSS 4.3, AI score 5.9, EPSS 0.00107
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/07/10 8:58 a.m., 3 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in nanoid-2.1.11.tgz

Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of nanoid-2.1.11.tgz. Vulnerability Details: CVEID: CVE-2024-55565. DESCRIPTION: nanoid aka Nano ID before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version. CWE: CWE-835: Loop with Unreachable Exit Condition...

CVSS 4.3, AI score 6.7, EPSS 0.00107
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/06/30 6:36 a.m., 6 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses nanoid-3.3.7.tgz which is vulnerable to CVE-2024-55565

Summary: Security Bulletin: IBM Maximo Application Suite - Manage Component uses nanoid-3.3.7.tgz which is vulnerable to CVE-2024-55565. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2024-55565. DESCRIPTION: nanoid aka Nano ID before...

CVSS 4.3, AI score 6, EPSS 0.00107
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/03/10 10:34 p.m., 5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in nanoid

Summary: IBM Watson Discovery for Cartridge contains a vulnerable version of nanoid. Vulnerability Details: CVEID: CVE-2024-55565. DESCRIPTION: nanoid aka Nano ID before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version. CWE: CWE-835: Loop with Unreachable Exit Condition 'Infinite Loop...

CVSS 4.3, AI score 4.5, EPSS 0.00107
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/02/10 12:59 p.m., 6 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to nanoid-3.3.7.tgz CVE-2024-55565

Summary: IBM Maximo Application Suite - Monitor Component is vulnerable to nanoid-3.3.7.tgz CVE-2024-55565. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2024-55565. DESCRIPTION: nanoid aka Nano ID before 5.0.9 mishandles non-integer...

CVSS 4.3, AI score 4.6, EPSS 0.00107
Exploits: 0, Affected Software: 1
SUSE CVE
added 2025/01/18 3:49 a.m., 1 views

SUSE CVE-2024-55565

nanoid aka Nano ID before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version...

CVSS 4.3, AI score 6.7, EPSS 0.00107
Exploits: 0, References: 3
Github Security Blog
added 2024/12/09 3:30 a.m., 23 views

Predictable results in nanoid generation when given non-integer values

When nanoid is called with a fractional value, there were a number of undesirable effects: 1. in browser and non-secure, the code infinite loops on while size-- 2. in node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled 3. if the...

CVSS 4.3, AI score 4.8, EPSS 0.00107
Exploits: 0, References: 7, Affected Software: 1
Vulnrichment
added 2024/12/09 12:0 a.m., 9 views

CVE-2024-55565

nanoid aka Nano ID before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version...

AI score 6.8, EPSS 0.00107
Exploits: 0, References: 3
CNNVD
added 2024/12/09 12:0 a.m., 1 views

nanoid security vulnerability

nanoid Nano ID is a small, secure, URL-friendly, unique string ID generator for JavaScript by the individual developer Andrey Sitnik. A security vulnerability exists in nanoid versions prior to 5.0.9, which stems from improper handling of non-integer values...

CVSS 4.3, AI score 6.2, EPSS 0.00107
Exploits: 0, References: 4
vulnersOsv
added 2022/01/21 11:57 p.m., 1 views

02.aula (=1.0.0), 19json-validator (>=0.0.3 <=0.0.4) +2004 more potentially affected by CVE-2021-23566 via nanoid (>=3.0.0 <=3.1.30)

nanoid NPM version =3.0.0, =0.0.3, =0.0.1, =0.1.23, =0.1.4, =0.1.3, =1.0.0, =0.1.1-alpha.51, =0.0.20, =1.0.1, =0.0.1, =0.4.2, =0.4.11 - @agrippa-io/node-connection-manager =1.0.0 and more Source cves: CVE-2021-23566 Source advisory: OSV:GHSA-QRPM-P2H7-HRV2...

CVSS 5.5, AI score 6.7, EPSS 0.00027
Exploits: 1
OSV
added 2022/01/21 11:57 p.m., 1 views

GHSA-QRPM-P2H7-HRV2 Exposure of Sensitive Information to an Unauthorized Actor in nanoid

The package nanoid from 3.0.0, before 3.1.31, are vulnerable to Information Exposure via the valueOf function which allows to reproduce the last id generated...

CVSS 5.5, AI score 7.2, EPSS 0.00027
Exploits: 1, References: 9
Positive Technologies
added 2022/01/14 12:0 a.m., 2 views

PT-2022-9413 · Nanoid · Nanoid

Name of the Vulnerable Software and Affected Versions: nanoid versions 3.0.0 through 3.1.30. Description: The issue allows for Information Exposure via the valueOf function, enabling the reproduction of the last generated id. Recommendations: For nanoid versions 3.0.0 through 3.1.30, update to...

CVSS 5.5, AI score 7.6, EPSS 0.00166
Exploits: 1, References: 26
CNNVD
added 2022/01/14 12:0 a.m., 2 views

nanoid code issue vulnerability

nanoid is a small, secure, URL-friendly, unique string ID generator for JavaScript. nanoid is vulnerable to information exposure via the valueOf function, which allows the last generated id to be reproduced. No details of the vulnerability are currently...

CVSS 5.5, AI score 5.5, EPSS 0.00027
Exploits: 1, References: 15
vulnersOsv
added 2022/01/11 1:2 p.m., 2 views

02.aula (=1.0.0), 19json-validator (>=0.0.3 <=0.0.4) +2004 more potentially affected by CVE-2021-23566 via nanoid (>=3.0.0 <=3.1.30)

nanoid NPM version =3.0.0, =0.0.3, =0.0.1, =0.1.23, =0.1.4, =0.1.3, =1.0.0, =0.1.1-alpha.51, =0.0.20, =1.0.1, =0.0.1, =0.4.2, =0.4.11 - @agrippa-io/node-connection-manager =1.0.0 and more Source cves: CVE-2021-23566 Source advisory: SNYK:JS-NANOID-2332193...

CVSS 5.5, AI score 6.7, EPSS 0.00027
Exploits: 1
Snyk
added 2022/01/11 1:2 p.m., 1 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the valueOf function which allows to reproduce the last id generated. PoC javascript import nanoid from 'nanoid'; const makeProxyNumberToReproducePreviousID = = let step = 0; return valueOf // // if !pool ||...

CVSS 5.5, AI score 9.3, EPSS 0.00027
Exploits: 1, References: 2