Moderate severityNVD Advisory· Published Mar 14, 2025· Updated Mar 17, 2025
CVE-2024-29409
CVE-2024-29409
Description
File Upload vulnerability in nestjs nest v.10.3.2 allows a remote attacker to execute arbitrary code via the Content-Type header.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@nestjs/commonnpm | >= 11.0.0-next.1, < 11.0.16 | 11.0.16 |
@nestjs/commonnpm | < 10.4.16 | 10.4.16 |
Affected products
2Patches
Vulnerability mechanics
References
10- github.com/advisories/GHSA-cj7v-w2c7-cp7cghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-29409ghsaADVISORY
- gist.github.com/aydinnyunus/801342361584d1491c67a820a714f53fghsaWEB
- github.com/nestjs/nest/blob/83a48b2c7396985144b7a6cd5d3bee1abb7c5d81/packages/common/pipes/file/file-type.validator.tsghsaWEB
- github.com/nestjs/nest/issues/13311ghsaWEB
- github.com/nestjs/nest/issues/14876ghsaWEB
- github.com/nestjs/nest/issues/14876ghsaWEB
- github.com/nestjs/nest/pull/14881ghsaWEB
- github.com/nestjs/nest/releases/tag/v10.4.16ghsaWEB
- github.com/nestjs/nest/releases/tag/v11.0.16ghsaWEB
News mentions
0No linked articles in our index yet.