Incorrect Type Conversion or Cast
CVE-2021-23566
Summary
The package nanoid before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.
- LOW
- LOCAL
- NONE
- UNCHANGED
- NONE
- LOW
- HIGH
- NONE
CWE-704 - Incorrect Type Conversion or Cast
The software does not correctly convert an object, resource, or structure from one type to a different type.
References
Advisory Timeline
- Published