nanoid 3.1.12
1 security vulnerability
found in version
3.1.12
Exposure of Sensitive Information to an Unauthorized Actor in nanoid
medium severity CVE-2021-23566
medium severity
CVE-2021-23566
Affected versions:
>= 3.0.0, < 3.1.31
The package nanoid from 3.0.0, before 3.1.31, are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.
Author did not declare license for this package in the source code.
This package version has a MIT license in the source code, however it was not declared in the source code.
This package version is available.
This package version has not been yanked and is still available for usage.