Vulnerabilities: 1 via 1 paths

Dependencies: 2

Source: GitHub

Commit: 3c13cd17

medium severity

Improper Input Validation

  • Vulnerable module: nanoid
  • Introduced through: nanoid@4.0.2

Detailed paths

  • Introduced through: react-wizardry@prabhuignoto/react-wizardry#3c13cd1752f793db7ab12975b93356a19945d3a1 › nanoid@4.0.2
    Remediation: Upgrade to nanoid@5.0.9.

Overview

Affected versions of this package are vulnerable to Improper Input Validation because the nanoid function mishandles fractional values. An attacker who exploits this vulnerability can cause an infinite loop.

Remediation

Upgrade nanoid to version 3.3.8, 5.0.9 or higher.
