Moderate severity · NVD Advisory · Published Jan 14, 2022 · Updated Nov 3, 2025
Information Exposure
CVE-2021-23566
Description
The nanoid package, from version 3.0.0 and before 3.1.31, is vulnerable to Information Exposure via the valueOf() function, which allows the last generated id to be reproduced.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| nanoid (npm) | >= 3.0.0, < 3.1.31 | 3.1.31 |
Affected products
- nanoid/nanoid
References
- github.com/advisories/GHSA-qrpm-p2h7-hrv2
- nvd.nist.gov/vuln/detail/CVE-2021-23566
- gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444
- github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575
- github.com/ai/nanoid/pull/328
- lists.debian.org/debian-lts-announce/2024/12/msg00025.html
- lists.debian.org/debian-lts-announce/2025/01/msg00006.html
- snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550
- snyk.io/vuln/SNYK-JS-NANOID-2332193