-
Notifications
You must be signed in to change notification settings - Fork 917
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE-2021-23566 (Medium) detected in nanoid-3.1.30.tgz - autoclosed #1160
Labels
cve
Security vulnerabilities detected by Dependabot or Mend
medium severity
Medium severity CVE
Mend: dependency security vulnerability
Security vulnerability detected by Mend
v1.3.2
Comments
mend-for-github.aaakk.us.kg
bot
added
the
Mend: dependency security vulnerability
Security vulnerability detected by Mend
label
Jan 16, 2022
tmarkley
added
medium severity
Medium severity CVE
cve
Security vulnerabilities detected by Dependabot or Mend
labels
Jan 18, 2022
mend-for-github.aaakk.us.kg
bot
changed the title
CVE-2021-23566 (Medium) detected in nanoid-3.1.30.tgz
CVE-2021-23566 (Medium) detected in nanoid-3.1.30.tgz - autoclosed
Feb 4, 2022
✔️ This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory. |
AMoo-Miki
pushed a commit
to AMoo-Miki/OpenSearch-Dashboards
that referenced
this issue
Feb 9, 2022
AMoo-Miki
pushed a commit
to AMoo-Miki/OpenSearch-Dashboards
that referenced
this issue
Feb 10, 2022
AMoo-Miki
pushed a commit
to AMoo-Miki/OpenSearch-Dashboards
that referenced
this issue
Feb 10, 2022
# [31.1.0](elastic/elastic-charts@v31.0.0...v31.1.0) (2021-07-06) ### Bug Fixes * **heatmap:** pick correct brush end value ([opensearch-project#1230](elastic/elastic-charts#1230)) ([cb95a75](elastic/elastic-charts@cb95a75)), closes [opensearch-project#1229](elastic/elastic-charts#1229) ### Features * **a11y:** accessible goal and gauge chart ([#1174](elastic/elastic-charts#1174)) ([775dc98](elastic/elastic-charts@775dc98)), closes [opensearch-project#1160](elastic/elastic-charts#1160)
1 task
tmarkley
pushed a commit
that referenced
this issue
Apr 29, 2022
Bumps [nanoid](https://github.com/ai/nanoid) from 3.1.30 to 3.2.0. - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.1.30...3.2.0) Resolves #1160 - CVE-2021-23566 --- updated-dependencies: - dependency-name: nanoid dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tommy Markley <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
cve
Security vulnerabilities detected by Dependabot or Mend
medium severity
Medium severity CVE
Mend: dependency security vulnerability
Security vulnerability detected by Mend
v1.3.2
CVE-2021-23566 - Medium Severity Vulnerability
Vulnerable Library - nanoid-3.1.30.tgz
A tiny (130 bytes), secure URL-friendly unique string ID generator
Library home page: https://registry.npmjs.org/nanoid/-/nanoid-3.1.30.tgz
Dependency Hierarchy:
Found in base branch: main
Vulnerability Details
The package nanoid before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.
Publish Date: 2022-01-14
URL: CVE-2021-23566
CVSS 3 Score Details (5.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23566
Release Date: 2022-01-14
Fix Resolution: nanoid - 3.1.31
The text was updated successfully, but these errors were encountered: