Bug 2050853 (CVE-2021-23566)
| Field | Value |
|---|---|
| Summary: | CVE-2021-23566 nanoid: Information disclosure via valueOf() function |
| Product: | [Other] Security Response |
| Reporter: | Todd Cullum <tcullum> |
| Component: | vulnerability |
| Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA |
| Severity: | medium |
| Priority: | medium |
| Version: | unspecified |
| CC: | ahanwate, amctagga, amuller, anpicker, anprice, aos-bugs, asoldano, atangrin, bbaranow, bcoca, bmaxwell, bmontgom, brian.stansberry, cdewolf, cfeist, chazlett, chousekn, cmeyers, darran.lofthouse, davidn, dkreling, dosoudil, eclipseo, eleandro, eparis, erooth, fboucher, fjuma, gblomqui, go-sig, gparvin, hvyas, idevat, iweiss, jburrell, jcammara, jhadvig, jhardy, jobarker, jochrist, jokerman, jpallich, jperkins, jramanat, jwon, krathod, kwills, lgao, lmohanty, mabashia, madam, mail, mattias.ellert, mlisik, msochure, msvehla, njean, notting, nstielau, nwallace, omular, openstack-sig, osapryki, oskutka, pabelanger, pahickey, pjindal, pmackay, pvalena, relrod, rguimara, rpetrell, rstancel, rsvoboda, scorneli, sdoran, smaestri, smcdonal, spasquie, sponnaga, stcannon, strzibny, thrcka, tkuratom, tojeline, tom.jenkinson, vondruch, yborgess |
| Target Milestone: | --- |
| Keywords: | Security |
| Target Release: | --- |
| Hardware: | All |
| OS: | Linux |
| Fixed In Version: | nanoid 3.1.31 |
| Doc Type: | If docs needed, set a value |
| Doc Text: | A flaw was found in the nanoid library where the valueOf() function allows the reproduction of the last id generated. This flaw allows an attacker to expose sensitive information. |
| Story Points: | --- |
| Last Closed: | 2022-03-04 05:32:16 UTC |
| Type: | --- |
| Regression: | --- |
| Mount Type: | --- |
| Documentation: | --- |
| Category: | --- |
| oVirt Team: | --- |
| Cloudforms Team: | --- |
| Bug Depends On: | 2053623, 2053624, 2053625, 2053626, 2056084, 2056942, 2060130, 2062974, 2062975, 2062976, 2065490, 2065495, 2069288, 2069289, 2069290, 2069291, 2069292, 2069293, 2069555, 2079065 |
| Bug Blocks: | 2050841 |
Description
Todd Cullum
2022-02-04 19:18:09 UTC
This issue has been addressed in the following products:
Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 7
Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8
Via RHSA-2022:0595 https://access.redhat.com/errata/RHSA-2022:0595

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-23566

Created golang-ariga-atlas tracking bugs for this issue:
Affects: fedora-all [bug 2069293]

Created golang-vitess tracking bugs for this issue:
Affects: fedora-all [bug 2069288]

Created pcs tracking bugs for this issue:
Affects: fedora-all [bug 2069289]

Created python-ipyparallel tracking bugs for this issue:
Affects: fedora-all [bug 2069290]

Created vagrant tracking bugs for this issue:
Affects: fedora-all [bug 2069291]

Created zuul tracking bugs for this issue:
Affects: fedora-all [bug 2069292]

This issue has been addressed in the following products:
Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 7
Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8
Via RHSA-2022:1083 https://access.redhat.com/errata/RHSA-2022:1083

This issue has been addressed in the following products:
Red Hat Advanced Cluster Management for Kubernetes 2.4 for RHEL 8
Via RHSA-2022:1476 https://access.redhat.com/errata/RHSA-2022:1476

This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 4.11
Via RHSA-2022:5069 https://access.redhat.com/errata/RHSA-2022:5069

This issue has been addressed in the following products:
Red Hat OpenShift Data Foundation 4.11 on RHEL8
Via RHSA-2022:6156 https://access.redhat.com/errata/RHSA-2022:6156