CVE-2024-55565
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Published Dec 9, 2024
Updated: Dec 12, 2024
CWE ID 835
Summary
CVE-2024-55565 is a vulnerability affecting the nanoid library, also known as Nano ID, before version 5.0.9. This issue arises due to the library's mishandling of non-integer values. As a result, malicious actors could exploit this flaw to generate predictable IDs and potentially gain unauthorized access to affected systems. Users are advised to upgrade to version 5.0.9 or higher to mitigate this risk. Previous versions, including 3.3.8, have also been identified as fixed.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- NANO-ID