josephgoksu/prime-nestjs

  • Vulnerabilities: 1 via 1 paths
  • Dependencies: 248
  • Source: GitHub
  • Commit: 80bdaa54

medium severity
new

Arbitrary Code Injection

  • Vulnerable module: @nestjs/common
  • Introduced through: @nestjs/common@10.4.15

Detailed paths

  • Introduced through: prime-nestjs@josephgoksu/prime-nestjs#80bdaa541f18eaf5547aa488ebd83843346e1c53 @nestjs/common@10.4.15

Overview

@nestjs/common is the common module (@common) of Nest, a modern, fast, powerful node.js web framework.

Affected versions of this package are vulnerable to Arbitrary Code Injection via the FileTypeValidator function due to improper MIME Type Validation. An attacker can execute arbitrary code by sending a crafted payload in the Content-Type header of a request.

Note: The FileTypeValidator documentation specifically mentions that it is vulnerable and provides security enhancement recommendations.

Remediation

There is no fixed version for @nestjs/common.
