Nestjs: Security Vulnerabilities
File Upload vulnerability in nestjs nest v.10.3.2 allows a remote attacker to execute arbitrary code via the Content-Type header.
CVSS Score
5.5
EPSS Score
0.002
Published
2025-03-14
Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is streaming a StreamableFile, the stream wrapped by the StreamableFile will be kept open.
CVSS Score
3.7
EPSS Score
0.001
Published
2023-03-06