Bug 2331063 (CVE-2024-55565) - CVE-2024-55565 nanoid: nanoid mishandles non-integer values
Summary: CVE-2024-55565 nanoid: nanoid mishandles non-integer values
Keywords:
Status: NEW
Alias: CVE-2024-55565
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2331093 2331094 2331095 2331096 2331108 2331091 2331092 2331097 2331098 2331099 2331100 2331101 2331102 2331103 2331104 2331105 2331106 2331107 2331109 2331110 2331111 2331112 2331113 2331114
Blocks:
Reported: 2024-12-09 02:01 UTC by OSIDB Bzimport
Modified: 2025-06-01 08:27 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github | jupyterlab jupyterlab issues 17056 | 0 | None | open | CVE-2024-55565 in nanoid <3.3.8,<5.0.9 | 2024-12-09 08:52:46 UTC
Red Hat Product Errata | RHSA-2025:0079 | 0 | None | None | None | 2025-01-08 10:04:36 UTC
Red Hat Product Errata | RHSA-2025:0082 | 0 | None | None | None | 2025-01-08 11:32:13 UTC
Red Hat Product Errata | RHSA-2025:0340 | 0 | None | None | None | 2025-01-15 16:51:19 UTC
Red Hat Product Errata | RHSA-2025:0654 | 0 | None | None | None | 2025-01-28 04:29:23 UTC
Red Hat Product Errata | RHSA-2025:0723 | 0 | None | None | None | 2025-01-27 21:51:02 UTC
Red Hat Product Errata | RHSA-2025:0778 | 0 | None | None | None | 2025-01-28 20:57:35 UTC
Red Hat Product Errata | RHSA-2025:0785 | 0 | None | None | None | 2025-01-28 23:59:54 UTC
Red Hat Product Errata | RHSA-2025:0851 | 0 | None | None | None | 2025-01-30 21:31:11 UTC
Red Hat Product Errata | RHSA-2025:0875 | 0 | None | None | None | 2025-02-05 10:49:51 UTC
Red Hat Product Errata | RHSA-2025:0892 | 0 | None | None | None | 2025-02-03 13:09:54 UTC
Red Hat Product Errata | RHSA-2025:1051 | 0 | None | None | None | 2025-02-05 08:58:29 UTC
Red Hat Product Errata | RHSA-2025:2652 | 0 | None | None | None | 2025-03-11 09:16:37 UTC

Description OSIDB Bzimport 2024-12-09 02:01:10 UTC
nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.

Comment 2 Lumír Balhar 2024-12-09 08:52:47 UTC
Reported upstream: https://github.com/jupyterlab/jupyterlab/issues/17056

Comment 3 errata-xmlrpc 2025-01-08 10:04:28 UTC
This issue has been addressed in the following products:

  RHODF-4.17-RHEL-9

Via RHSA-2025:0079 https://access.redhat.com/errata/RHSA-2025:0079

Comment 4 errata-xmlrpc 2025-01-08 11:32:03 UTC
This issue has been addressed in the following products:

  RHODF-4.16-RHEL-9

Via RHSA-2025:0082 https://access.redhat.com/errata/RHSA-2025:0082

Comment 5 errata-xmlrpc 2025-01-15 16:51:10 UTC
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.5 for RHEL 9
  Red Hat Ansible Automation Platform 2.5 for RHEL 8

Via RHSA-2025:0340 https://access.redhat.com/errata/RHSA-2025:0340

Comment 8 errata-xmlrpc 2025-01-27 21:50:54 UTC
This issue has been addressed in the following products:

  multicluster engine for Kubernetes 2.7 for RHEL 9
  multicluster engine for Kubernetes 2.7 for RHEL 8

Via RHSA-2025:0723 https://access.redhat.com/errata/RHSA-2025:0723

Comment 9 errata-xmlrpc 2025-01-28 04:29:15 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2025:0654 https://access.redhat.com/errata/RHSA-2025:0654

Comment 10 errata-xmlrpc 2025-01-28 20:57:26 UTC
This issue has been addressed in the following products:

  multicluster engine for Kubernetes 2.6 for RHEL 9
  multicluster engine for Kubernetes 2.6 for RHEL 8

Via RHSA-2025:0778 https://access.redhat.com/errata/RHSA-2025:0778

Comment 11 errata-xmlrpc 2025-01-28 23:59:46 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9

Via RHSA-2025:0785 https://access.redhat.com/errata/RHSA-2025:0785

Comment 12 errata-xmlrpc 2025-01-30 21:31:03 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9

Via RHSA-2025:0851 https://access.redhat.com/errata/RHSA-2025:0851

Comment 13 errata-xmlrpc 2025-02-03 13:09:45 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Dev Spaces 3 Containers

Via RHSA-2025:0892 https://access.redhat.com/errata/RHSA-2025:0892

Comment 14 errata-xmlrpc 2025-02-05 08:58:20 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Service Mesh 2.5 for RHEL 8

Via RHSA-2025:1051 https://access.redhat.com/errata/RHSA-2025:1051

Comment 15 errata-xmlrpc 2025-02-05 10:49:42 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2025:0875 https://access.redhat.com/errata/RHSA-2025:0875

Comment 16 errata-xmlrpc 2025-03-11 09:16:27 UTC
This issue has been addressed in the following products:

  RHODF-4.18-RHEL-9

Via RHSA-2025:2652 https://access.redhat.com/errata/RHSA-2025:2652

