yarn-audit-known-issues
{"actions":[],"advisories":{"1101163":{"findings":[{"version":"3.3.1","paths":["@angular/ssr>critters>postcss>nanoid"]}],"found_by":null,"deleted":null,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-55565\n- https://github.com/ai/nanoid/pull/510\n- https://github.com/ai/nanoid/compare/3.3.7...3.3.8\n- https://github.com/ai/nanoid/releases/tag/5.0.9\n- https://github.com/advisories/GHSA-mwcw-c2x4-8c55","created":"2024-12-09T03:30:59.000Z","id":1101163,"npm_advisory_id":null,"overview":"When nanoid is called with a fractional value, there were a number of undesirable effects:\n\n1. in browser and non-secure, the code infinite loops on while (size--)\n2. in node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled\n3. if the first call in node is a fractional argument, the initial buffer allocation fails with an error\n\nVersion 3.3.8 and 5.0.9 are fixed.","reported_by":null,"title":"Predictable results in nanoid generation when given non-integer values","metadata":null,"cves":["CVE-2024-55565"],"access":"public","severity":"moderate","module_name":"nanoid","vulnerable_versions":"<3.3.8","github_advisory_id":"GHSA-mwcw-c2x4-8c55","recommendation":"Upgrade to version 3.3.8 or later","patched_versions":">=3.3.8","updated":"2024-12-13T22:57:32.000Z","cvss":{"score":4.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},"cwe":["CWE-835"],"url":"https://github.com/advisories/GHSA-mwcw-c2x4-8c55"}},"muted":[],"metadata":{"vulnerabilities":{"info":0,"low":0,"moderate":1,"high":0,"critical":0},"dependencies":412,"devDependencies":129,"optionalDependencies":0,"totalDependencies":541}}