6 matches found
Exploit for Cross-Site Request Forgery (CSRF) in Nestjs Devtools-Integration
CVE-2025-54...
@ballerine/workflows-service (>=0.4.6 <=0.5.49), @digitaltg/vc-signer (=1.0.0) +9 more potentially affected by CVE-2025-54782 via @nestjs/devtools-integration (=0.1.6)
@nestjs/devtools-integration NPM version =0.1.6 is affected by a known vulnerability. The following packages have a transitive dependency on @nestjs/devtools-integration and may be impacted: - @ballerine/workflows-service =0.4.6, =0.0.37, =0.0.4, =0.0.1, =0.0.6, =0.0.82, =0.0.32, =1.0.0, =1.0.9 -...
CVE-2025-54782
Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution RCE vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API...
CVE-2025-54782 @nestjs/devtools-integration's CSRF to Sandbox Escape Allows for RCE against JS Developers
Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution RCE vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API...
CVE-2025-54782
CVE-2025-54782 affects the NestJS devtools-integration package (versions 0.2.0 and earlier). The vulnerability enables Remote Code Execution via a local development HTTP server endpoint, /inspector/graph/interact, which accepts JSON containing a code field and executes it in a Node.js vm.runInNew...
Exploit for CVE-2025-54782
CVE-2025-54782 RCE POC Read more: - https:...