Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix collision by proxy number #328

Merged
merged 1 commit into from
Jan 11, 2022
Merged

fix collision by proxy number #328

merged 1 commit into from
Jan 11, 2022

Conversation

artalar
Copy link
Contributor

@artalar artalar commented Jan 11, 2022

You can test live reproduce here https://stackblitz.com/edit/nanoid-collision?file=index.js (type node index.js in the console)

@ai ai merged commit 2b7bd93 into ai:main Jan 11, 2022
@ai
Copy link
Owner

ai commented Jan 11, 2022

Thanks. Fixed was released in 3.1.31.

quadratz added a commit to quadratz/nanoid-deno that referenced this pull request Jun 13, 2024
This test should not be for non-secure in the first place. The test is only valid for the secure one to test the vulnerability (ai#328).
quadratz added a commit to quadratz/nanoid-deno that referenced this pull request Jun 13, 2024
* feat: handle 'NaN' size

Do not allow a 'NaN' value for the id size as it may lead to an infinite loop in the function.

* test: remove proxy number test for non-secure

This test should not be for non-secure in the first place. The test is only valid for the secure one to test the vulnerability (ai#328).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants