Vulnerabilities: 1 via 1 paths

Dependencies: 7

Source: GitHub

Commit: df3c308c

medium severity
new

Improper Input Validation

  • Vulnerable module: nanoid
  • Introduced through: nanoid@4.0.2

Detailed paths

  • Introduced through: react-float-menu@prabhuignoto/react-float-menu#df3c308cb211d3d01991ae23696776cbca522dff › nanoid@4.0.2
    Remediation: Upgrade to nanoid@5.0.9.

Overview

Affected versions of this package are vulnerable to Improper Input Validation due to the mishandling of fractional values in the nanoid function. By exploiting this vulnerability, an attacker can cause an infinite loop.

Remediation

Upgrade nanoid to version 3.3.8, 5.0.9 or higher.
