Nanoid up to 3.3.7/5.0.8 privilege escalation

Summaryinfo

A vulnerability classified as problematic has been found in Nanoid up to 3.3.7/5.0.8. The affected element is an unknown function. This manipulation causes an unknown weakness. This vulnerability appears as CVE-2024-55565. There is no available exploit. It is recommended to upgrade the affected component.

Detailsinfo

A vulnerability has been found in Nanoid up to 3.3.7/5.0.8 and classified as problematic. The impact remains unknown. The summary by CVE is:

nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.

The advisory is shared at github.com. This vulnerability is known as CVE-2024-55565 since 12/09/2024. Neither technical details nor an exploit are publicly available.

The vulnerability scanner Nessus provides a plugin with the ID 213236 (Fedora 41 : python-nbdime (2024-01e170c1ac)), which helps to determine the existence of the flaw in a target environment.

Upgrading to version 3.3.8 or 5.0.9 eliminates this vulnerability. The upgrade is hosted for download at github.com. Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the databases at Tenable (213236) and EUVD (EUVD-2024-3491). If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Name

• Nanoid

Version

• 3.3.0
• 3.3.1
• 3.3.2
• 3.3.3
• 3.3.4
• 3.3.5
• 3.3.6
• 3.3.7
• 5.0.0
• 5.0.1
• 5.0.2
• 5.0.3
• 5.0.4
• 5.0.5
• 5.0.6
• 5.0.7
• 5.0.8

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Discussion