CVE-2025-69211
- EPSS 0.05%
- Veröffentlicht 29.12.2025 16:01:22
- Zuletzt bearbeitet 20.02.2026 16:58:36
Nest is a framework for building scalable Node.js server-side applications. Versions prior to 11.1.11 have a Fastify URL encoding middleware bypass. A NestJS application is vulnerable if it uses `@nestjs/platform-fastify`; relies on `NestMiddleware` ...
CVE-2025-54782
- EPSS 24.36%
- Veröffentlicht 01.08.2025 23:36:58
- Zuletzt bearbeitet 09.10.2025 17:31:16
Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution (RCE) vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package expose...
CVE-2024-29409
- EPSS 0.16%
- Veröffentlicht 14.03.2025 00:00:00
- Zuletzt bearbeitet 03.04.2025 15:30:50
File Upload vulnerability in nestjs nest v.10.3.2 allows a remote attacker to execute arbitrary code via the Content-Type header.
CVE-2023-26108
- EPSS 0.12%
- Veröffentlicht 06.03.2023 05:15:12
- Zuletzt bearbeitet 21.11.2024 07:50:47
Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is streaming a StreamableFile, the stream wrapp...