{"id":"CVE-2021-23566","details":"Versions of the package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function, which allows the last generated id to be reproduced.","aliases":["GHSA-qrpm-p2h7-hrv2"],"modified":"2026-04-12T00:08:49.792182Z","published":"2022-01-14T20:15:10.093Z","related":["SNYK-JAVA-ORGWEBJARSNPM-2332550","SNYK-JS-NANOID-2332193"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00025.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00006.html"},{"type":"FIX","url":"https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575"},{"type":"FIX","url":"https://github.com/ai/nanoid/pull/328"},{"type":"EVIDENCE","url":"https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444"},{"type":"EVIDENCE","url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550"},{"type":"EVIDENCE","url":"https://snyk.io/vuln/SNYK-JS-NANOID-2332193"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ai/nanoid","events":[{"introduced":"7b45b890ce9cba85c8dc08fdb7ad401b966ed067"},{"fixed":"07fdfa6618e2668ce51b2554ee3e1a3ad87b0492"},{"fixed":"2b7bd9332bc49b6330c7ddb08e5c661833db2575"}],"database_specific":{"cpe":"cpe:2.3:a:nanoid_project:nanoid:*:*:*:*:*:node.js:*:*","extracted_events":[{"introduced":"3.0.0"},{"fixed":"3.1.31"}],"source":["CPE_FIELD","REFERENCES"]}}],"versions":["3.0.0","3.0.1","3.0.2","3.1.0","3.1.1","3.1.10","3.1.11","3.1.12","3.1.13","3.1.14","3.1.15","3.1.16","3.1.17","3.1.18","3.1.19","3.1.2","3.1.20","3.1.21","3.1.22","3.1.23","3.1.24","3.1.25","3.1.26","3.1.27","3.1.28","3.1.29","3.1.30","3.1.4","3.1.5","3.1.6","3.1.7","3.1.8","3.1.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-23566.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}