Information Exposure via valueOf() function in nanoid package (3.0.0 - 3.1.31)

CVE-2021-23566 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.

Learn more about our Web Application Penetration Testing UK.