Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

1 vulnerability by nanoid_project

CVE-2021-23566 (GCVE-0-2021-23566)

Vulnerability from cvelistv5 – Published: 2022-01-14 20:05 – Updated: 2025-11-03 21:44
VLAI
Title
Information Exposure
Summary
The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.
CWE
  • Information Exposure
Assigner
Impacted products
Vendor Product Version
n/a nanoid Affected: unspecified , < 3.1.31 (custom)
Date Public
2022-01-14 00:00
Credits
Artyom Arutyunyan
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:44:38.677Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://snyk.io/vuln/SNYK-JS-NANOID-2332193"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/ai/nanoid/pull/328"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00006.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00025.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nanoid",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "3.1.31",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Artyom Arutyunyan"
        }
      ],
      "datePublic": "2022-01-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 3.8,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Exposure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-02T18:10:58.000Z",
        "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "shortName": "snyk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://snyk.io/vuln/SNYK-JS-NANOID-2332193"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ai/nanoid/pull/328"
        }
      ],
      "title": "Information Exposure",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "report@snyk.io",
          "DATE_PUBLIC": "2022-01-14T20:00:02.498233Z",
          "ID": "CVE-2021-23566",
          "STATE": "PUBLIC",
          "TITLE": "Information Exposure"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "nanoid",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "3.1.31"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Artyom Arutyunyan"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Exposure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://snyk.io/vuln/SNYK-JS-NANOID-2332193",
              "refsource": "MISC",
              "url": "https://snyk.io/vuln/SNYK-JS-NANOID-2332193"
            },
            {
              "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550",
              "refsource": "MISC",
              "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550"
            },
            {
              "name": "https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444",
              "refsource": "MISC",
              "url": "https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444"
            },
            {
              "name": "https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575",
              "refsource": "MISC",
              "url": "https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575"
            },
            {
              "name": "https://github.com/ai/nanoid/pull/328",
              "refsource": "MISC",
              "url": "https://github.com/ai/nanoid/pull/328"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
    "assignerShortName": "snyk",
    "cveId": "CVE-2021-23566",
    "datePublished": "2022-01-14T20:05:21.597Z",
    "dateReserved": "2021-01-08T00:00:00.000Z",
    "dateUpdated": "2025-11-03T21:44:38.677Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}