This repository has been archived by the owner on Jun 2, 2023. It is now read-only.
CVE-2021-23566 @ Npm-nanoid-3.1.30 #21
Labels
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Vulnerable Package issue exists @ Npm-nanoid-3.1.30 in branch main
The package nanoid before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.
Namespace: yangricardo
Repository: nextjs-tailwind-reacthook-form-ant-design-template
Repository Url: https://github.com/yangricardo/nextjs-tailwind-reacthook-form-ant-design-template
CxAST-Project: yangricardo/nextjs-tailwind-reacthook-form-ant-design-template
CxAST platform scan: 8fc1cf6c-819f-4734-b20d-87c2af04c0b2
Branch: main
Application: nextjs-tailwind-reacthook-form-ant-design-template
Severity: MEDIUM
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-704
Additional Info
Attack vector: LOCAL
Attack complexity: LOW
Confidentiality impact: HIGH
Availability impact: NONE
Remediation Upgrade Recommendation: 3.1.31
References
Advisory
Commit
Pull request
The text was updated successfully, but these errors were encountered: