CVE-2021-23566

4.0 MEDIUM
Published: January 14, 2022
Modified: November 03, 2025

Description

Versions of the package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function, which allows the last generated id to be reproduced.

CVSS v3.x Details

Vector String
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References to Advisories, Solutions, and Tools

https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444
Source: report@snyk.io
Exploit Third Party Advisory
https://github.com/ai/nanoid/pull/328
Source: report@snyk.io
Exploit Issue Tracking Patch Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550
Source: report@snyk.io
Exploit Third Party Advisory
https://snyk.io/vuln/SNYK-JS-NANOID-2332193
Source: report@snyk.io
Exploit Third Party Advisory
https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory
https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Third Party Advisory
https://github.com/ai/nanoid/pull/328
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Issue Tracking Patch Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory
https://snyk.io/vuln/SNYK-JS-NANOID-2332193
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory

12 reference(s) from NVD

Quick Stats

CVSS v3 Score: 4.0 / 10.0
EPSS (Exploit Probability): 0.0% (6th percentile)
Exploitation Status: Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

nanoid_project