CVE-2021-23566 MEDIUM

CVE-2021-23566: Information Exposure

Vendor N/A
Product nanoid
Published January 14, 2022
Last update November 3, 2025

CVSS base score

4.0/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P

What the vulnerability does

01 Description

The package nanoid, from version 3.0.0 and before 3.1.31, is vulnerable to Information Exposure via the valueOf() function, which allows the last generated ID to be reproduced.

Key dates

02 Disclosure timeline

January 14, 2022 CVE published
November 3, 2025 Record updated