Bug 2331063 (CVE-2024-55565) - CVE-2024-55565 nanoid: nanoid mishandles non-integer values
Summary: CVE-2024-55565 nanoid: nanoid mishandles non-integer values
Status: NEW
Alias: CVE-2024-55565
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
Depends On: 2331093 2331094 2331095 2331096 2421683 2421684 2421685 2421687 2421688 2421689 2331091 2331092 2331097 2331098 2331099 2331100 2331101 2331102 2331103 2331104 2331105 2331106 2331107 2331108 2331109 2331110 2331111 2331112 2331113 2331114 2421682 2421686 2423750 2423753 2423754 2423755 2423756 2423757
Reported: 2024-12-09 02:01 UTC by OSIDB Bzimport
Modified: 2026-01-03 08:28 UTC

Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github | jupyterlab jupyterlab issues 17056 | 0 | None | open | CVE-2024-55565 in nanoid <3.3.8,<5.0.9 | 2024-12-09 08:52:46 UTC
Red Hat Product Errata | RHSA-2025:0079 | 0 | None | None | None | 2025-01-08 10:04:36 UTC
Red Hat Product Errata | RHSA-2025:0082 | 0 | None | None | None | 2025-01-08 11:32:13 UTC
Red Hat Product Errata | RHSA-2025:0340 | 0 | None | None | None | 2025-01-15 16:51:19 UTC
Red Hat Product Errata | RHSA-2025:0654 | 0 | None | None | None | 2025-01-28 04:29:23 UTC
Red Hat Product Errata | RHSA-2025:0723 | 0 | None | None | None | 2025-01-27 21:51:02 UTC
Red Hat Product Errata | RHSA-2025:0778 | 0 | None | None | None | 2025-01-28 20:57:35 UTC
Red Hat Product Errata | RHSA-2025:0785 | 0 | None | None | None | 2025-01-28 23:59:54 UTC
Red Hat Product Errata | RHSA-2025:0851 | 0 | None | None | None | 2025-01-30 21:31:11 UTC
Red Hat Product Errata | RHSA-2025:0875 | 0 | None | None | None | 2025-02-05 10:49:51 UTC
Red Hat Product Errata | RHSA-2025:0892 | 0 | None | None | None | 2025-02-03 13:09:54 UTC
Red Hat Product Errata | RHSA-2025:1051 | 0 | None | None | None | 2025-02-05 08:58:29 UTC
Red Hat Product Errata | RHSA-2025:2652 | 0 | None | None | None | 2025-03-11 09:16:37 UTC

Description OSIDB Bzimport 2024-12-09 02:01:10 UTC
nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.

Comment 2 Lumír Balhar 2024-12-09 08:52:47 UTC
Reported upstream: https://github.com/jupyterlab/jupyterlab/issues/17056

Comment 3 errata-xmlrpc 2025-01-08 10:04:28 UTC
This issue has been addressed in the following products:

  RHODF-4.17-RHEL-9

Via RHSA-2025:0079 https://access.redhat.com/errata/RHSA-2025:0079

Comment 4 errata-xmlrpc 2025-01-08 11:32:03 UTC
This issue has been addressed in the following products:

  RHODF-4.16-RHEL-9

Via RHSA-2025:0082 https://access.redhat.com/errata/RHSA-2025:0082

Comment 5 errata-xmlrpc 2025-01-15 16:51:10 UTC
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.5 for RHEL 9
  Red Hat Ansible Automation Platform 2.5 for RHEL 8

Via RHSA-2025:0340 https://access.redhat.com/errata/RHSA-2025:0340

Comment 8 errata-xmlrpc 2025-01-27 21:50:54 UTC
This issue has been addressed in the following products:

  multicluster engine for Kubernetes 2.7 for RHEL 9
  multicluster engine for Kubernetes 2.7 for RHEL 8

Via RHSA-2025:0723 https://access.redhat.com/errata/RHSA-2025:0723

Comment 9 errata-xmlrpc 2025-01-28 04:29:15 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2025:0654 https://access.redhat.com/errata/RHSA-2025:0654

Comment 10 errata-xmlrpc 2025-01-28 20:57:26 UTC
This issue has been addressed in the following products:

  multicluster engine for Kubernetes 2.6 for RHEL 9
  multicluster engine for Kubernetes 2.6 for RHEL 8

Via RHSA-2025:0778 https://access.redhat.com/errata/RHSA-2025:0778

Comment 11 errata-xmlrpc 2025-01-28 23:59:46 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9

Via RHSA-2025:0785 https://access.redhat.com/errata/RHSA-2025:0785

Comment 12 errata-xmlrpc 2025-01-30 21:31:03 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9

Via RHSA-2025:0851 https://access.redhat.com/errata/RHSA-2025:0851

Comment 13 errata-xmlrpc 2025-02-03 13:09:45 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Dev Spaces 3 Containers

Via RHSA-2025:0892 https://access.redhat.com/errata/RHSA-2025:0892

Comment 14 errata-xmlrpc 2025-02-05 08:58:20 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Service Mesh 2.5 for RHEL 8

Via RHSA-2025:1051 https://access.redhat.com/errata/RHSA-2025:1051

Comment 15 errata-xmlrpc 2025-02-05 10:49:42 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2025:0875 https://access.redhat.com/errata/RHSA-2025:0875

Comment 16 errata-xmlrpc 2025-03-11 09:16:27 UTC
This issue has been addressed in the following products:

  RHODF-4.18-RHEL-9

Via RHSA-2025:2652 https://access.redhat.com/errata/RHSA-2025:2652

