To support the growing demands of open source security, OSS Index will migrate to Sonatype Guide on 04/28. To learn more about how to prepare for this transition, click here.

Vulnerability

CVE-2024-55565

Report advisory or correction

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

CWE

References

https://github.com/ai/nanoid/pull/510

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-55565

[CVE-2024-55565] CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

Description

nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.

See nanoid package information