{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-14T07:22:13.447","vulnerabilities":[{"cve":{"id":"CVE-2024-36400","sourceIdentifier":"security-advisories@github.com","published":"2024-06-04T15:15:46.980","lastModified":"2024-11-21T09:22:06.187","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"nano-id is a unique string ID generator for Rust. Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the `nano_id::base62` and `nano_id::base58` functions. Specifically, the `base62` function used a character set of 32 symbols instead of the intended 62 symbols, and the `base58` function used a character set of 16 symbols instead of the intended 58 symbols. Additionally, the `nano_id::gen` macro is also affected when a custom character set that is not a power of 2 in size is specified. It should be noted that `nano_id::base64` is not affected by this vulnerability. This can result in a significant reduction in entropy, making the generated IDs predictable and vulnerable to brute-force attacks when the IDs are used in security-sensitive contexts such as session tokens or unique identifiers. The vulnerability is fixed in 0.4.0."},{"lang":"es","value":"nano-id es un generador de ID de cadena único para Rust. Las versiones afectadas de la caja nano-id generaron identificaciones incorrectamente utilizando un conjunto de caracteres reducido en las funciones `nano_id::base62` y `nano_id::base58`. Específicamente, la función \"base62\" usó un conjunto de caracteres de 32 símbolos en lugar de los 62 símbolos previstos, y la función \"base58\" usó un conjunto de caracteres de 16 símbolos en lugar de los 58 símbolos previstos. Además, la macro `nano_id::gen` también se ve afectada cuando se especifica un conjunto de caracteres personalizado que no tiene un tamaño de potencia de 2. Cabe señalar que `nano_id::base64` no se ve afectado por esta vulnerabilidad. Esto puede dar como resultado una reducción significativa de la entropía, lo que hace que los ID generados sean predecibles y vulnerables a ataques de fuerza bruta cuando los ID se utilizan en contextos sensibles a la seguridad, como tokens de sesión o identificadores únicos. La vulnerabilidad se solucionó en 0.4.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":5.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-331"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-331"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:viz:nano_id:*:*:*:*:*:rust:*:*","versionEndExcluding":"0.4.0","matchCriteriaId":"BF41EF99-02DE-468E-A51B-54B229585D0D"}]}]}],"references":[{"url":"https://github.com/viz-rs/nano-id/commit/a9022772b2f1ce38929b5b81eccc670ac9d3ab23","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/viz-rs/nano-id/security/advisories/GHSA-9hc7-6w9r-wj94","source":"security-advisories@github.com","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"https://github.com/viz-rs/nano-id/commit/a9022772b2f1ce38929b5b81eccc670ac9d3ab23","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/viz-rs/nano-id/security/advisories/GHSA-9hc7-6w9r-wj94","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Vendor Advisory"]}]}}]}