Exposure of Sensitive Information to an Unauthorized Actor in nanoid #614

palisadoes · 2022-03-14T14:53:14Z

Describe the bug

The earliest fixed version is 3.1.31.
This vulnerability may be due to a package or a dependency of this packages that we are not using. This needs to be considered

To Fix

Expected behavior
Version upgraded to 3.1.31

Actual behavior
Version under 3.1.31

Screenshots

Additional details

The text was updated successfully, but these errors were encountered:

priyang12 · 2022-03-16T05:44:06Z

hi can i work on this issue?

rohit-raje-786 · 2022-04-12T14:18:48Z

@palisadoes there is no dependency name nanoid in the package.json file

palisadoes · 2022-04-12T15:56:44Z

Thanks. It looks like it has been removed from the code base.

palisadoes added bug Something isn't working security Security fix labels Mar 14, 2022

github-actions bot added the unapproved Unapproved for Pull Request label Mar 14, 2022

palisadoes added good first issue Good for newcomers and removed unapproved Unapproved for Pull Request labels Mar 14, 2022

palisadoes assigned priyang12 Mar 16, 2022

priyang12 removed their assignment Mar 25, 2022

palisadoes closed this as completed Apr 12, 2022

Provide feedback