Vulnerability Database
289,599
Total vulnerabilities in the database
CVE-2024-29409
File Upload vulnerability in nestjs nest v.10.3.2 allows a remote attacker to execute arbitrary code via the Content-Type header.
| Software | From | Fixed in |
|---|---|---|
@nestjs / common
|
11.0.0-next.1 | 11.0.16 |
|
@nestjs / common
|
- | 10.4.16 |
| nestjs / nest | 10.3.2 | 10.3.2.x |
- https://gist.github.com/aydinnyunus/801342361584d1491c67a820a714f53f
- https://github.com/nestjs/nest/blob/83a48b2c7396985144b7a6cd5d3bee1abb7c5d81/packages/common/pipes/file/file-type.validator.ts#L19
- https://github.com/nestjs/nest/issues/13311#issuecomment-1993839495
- https://github.com/nestjs/nest/issues/14876
- https://github.com/nestjs/nest/issues/14876#issuecomment-2796888038
- https://github.com/nestjs/nest/pull/14881
- https://github.com/nestjs/nest/releases/tag/v10.4.16
- https://github.com/nestjs/nest/releases/tag/v11.0.16