CVE-2024-55565: Infinite Loop in Project Nanoid

CWE-835: Infinite Loop
6 documents, 5 sources
Severity: 4.3 MEDIUM (NVD)
EPSS: 0.1% (top 71.37%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 9

Description

nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (3 packages)

npm: nanoid_project/nanoid 4.0.0 5.0.9 +1
debian: debian/node-mocha < node-mocha 9.1.4+ds1+~cs28.2.8-1 (bookworm)
debian: debian/node-postcss < node-mocha 9.1.4+ds1+~cs28.2.8-1 (bookworm)

🔴 Vulnerability Details (3)

OSV: CVE-2024-55565: nanoid (aka Nano ID) before 5 (2024-12-09)
OSV: Predictable results in nanoid generation when given non-integer values (2024-12-09)
GHSA: Predictable results in nanoid generation when given non-integer values (2024-12-09)

📋 Vendor Advisories (2)

Red Hat: nanoid: nanoid mishandles non-integer values (2024-12-09)
Debian: CVE-2024-55565: node-mocha - nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a... (2024)