CVE-2024-29409: nest allows a remote attacker to execute arbitrary code via the Content-Type header
File upload vulnerability in nestjs nest prior to v11.0.16 allows a remote attacker to execute arbitrary code via the Content-Type header.
References
- gist.github.com/aydinnyunus/801342361584d1491c67a820a714f53f
- github.com/advisories/GHSA-cj7v-w2c7-cp7c
- github.com/nestjs/nest
- github.com/nestjs/nest/blob/83a48b2c7396985144b7a6cd5d3bee1abb7c5d81/packages/common/pipes/file/file-type.validator.ts
- github.com/nestjs/nest/issues/13311
- github.com/nestjs/nest/issues/14876
- github.com/nestjs/nest/pull/14881
- github.com/nestjs/nest/releases/tag/v10.4.16
- github.com/nestjs/nest/releases/tag/v11.0.16
- nvd.nist.gov/vuln/detail/CVE-2024-29409
Detect and mitigate CVE-2024-29409 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.