CVE-2024-55565
Aliases:GHSA-mwcw-c2x4-8c55
Advisory lineage Upstream: 0 Downstream: 7
Deferred
Published: 09 Dec 2024, 00:00
Last modified:03 Nov 2025, 22:32
Vulnerability Summary
Overall Risk (default)
low
17/100 CVSS Score
4.3 MEDIUM
v3.1 (cve.org)
EPSS Score
0.11% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
09 Dec 2024, 00:00
Published
Vulnerability first disclosed
03 Nov 2025, 22:32
Last Modified
Vulnerability information updated
Description
nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.
CVSS Metrics
- v3.1•MEDIUM•Score: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS Trends
Current EPSS score: 0.11%• Percentile: 29%
Techniques & Countermeasures
- CWE-835•Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Affected Systems
- Npm•nanoid
≥ 4.0.0, < 5.0.9 | < 3.3.8
References (7)
- https://github.com/ai/nanoid/pull/510
- https://github.com/ai/nanoid/releases/tag/5.0.9
- https://github.com/ai/nanoid/compare/3.3.7...3.3.8
- https://lists.debian.org/debian-lts-announce/2025/01/msg00006.html
- https://lists.debian.org/debian-lts-announce/2024/12/msg00025.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-55565
- https://github.com/ai/nanoid