Vulnerabilities	1 via 1 paths
Dependencies	2
Source	GitHub

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications

Severity

Critical
High
Medium
1
Low

Status

Open
1
Patched
0
Ignored
0

medium severity

Improper Input Validation

Vulnerable module: nanoid
Introduced through: nanoid@4.0.2

Detailed paths

Introduced through: react-wizardry@prabhuignoto/react-wizardry › nanoid@4.0.2

Remediation: Upgrade to nanoid@5.0.9.

Overview

Affected versions of this package are vulnerable to Improper Input Validation due to the mishandling of fractional values in the nanoid function. By exploiting this vulnerability, an attacker can achieve an infinite loop.

Remediation

Upgrade nanoid to version 3.3.8, 5.0.9 or higher.

References

GitHub Commit
GitHub PR
GitHub Release

Improper Input Validation vulnerability report

Vulnerabilities

Dependencies