Skip to main content

Incorrect Type Conversion or Cast

CVE-2021-23566

Severity Medium
Score 5.5/10

Summary

The package nanoid before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.

  • LOW
  • LOCAL
  • NONE
  • UNCHANGED
  • NONE
  • LOW
  • HIGH
  • NONE

CWE-704 - Incorrect Type Conversion or Cast

The software does not correctly convert an object, resource, or structure from one type to a different type.

Advisory Timeline

  • Published