CVE-2021-23566
PUBLISHED
The package nanoid from 3.0.0 and before 3.1.31 is vulnerable to Information Exposure via the valueOf() function, which allows the last generated id to be reproduced.
Risk Scores
EPSS Score: 0.03% (8.2th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | node-mocha | 1.20.1-1, 0, 1.20.1-2 |
| Ubuntu:22.04:LTS | node-postcss | 8.2.1+~cs5.3.23-8, 8.4.5+~cs7.1.51-2, 8.4.6+~cs7.3.21-1 |
| Ubuntu:20.04:LTS | node-postcss | 6.0.23-1, 0, 6.0.23-3 |
| Ubuntu:25.10 | node-mocha | 10.7.2+ds1+~cs33.1.11-2, 0 |
| Ubuntu:22.04:LTS | node-mocha | 8.2.1+ds1+~cs29.4.27-3, 9.2.1+ds1+~cs28.3.8-1, 9.2.0+ds1+~cs28.3.8-1 |
| Ubuntu:18.04:LTS | node-mocha | 1.20.1-7, 0 |
| Ubuntu:25.10 | node-postcss | 8.5.6+~cs9.3.28-1, 0, 8.4.49+~cs9.2.32-1 |
| Ubuntu:24.04:LTS | node-postcss | *, *, 0 |
| Ubuntu:24.04:LTS | node-mocha | *, 10.4.0+ds1+~cs33.1.8-1, 0 |
| Ubuntu:20.04:LTS | node-mocha | 0, 4.1.0+ds3-5, 7.0.1+ds1-2 |
Timeline
- Jan 14, 2022 CVE Published
- Jan 15, 2022 EPSS Score
- Mar 9, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jun 24, 2022 EPSS Score
- Aug 17, 2022 EPSS Score
- Oct 9, 2022 EPSS Score
- Dec 1, 2022 EPSS Score
- Jan 23, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 18, 2023 EPSS Score
- May 10, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-23566 third-party-advisory
- https://github.com/ai/nanoid/pull/328 third-party-advisory
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550 third-party-advisory
- https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444 third-party-advisory
- https://snyk.io/vuln/SNYK-JS-NANOID-2332193 third-party-advisory
- https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-23566 third-party-advisory