8 matches found
NestJS DevTools Integration - Remote Code Execution
Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution RCE vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API...
nest 安全漏洞
Nest is a Node.js framework developed by NestJS, designed for building efficient, scalable, and enterprise-level server-side applications using TypeScript/JavaScript. Versions of Nest prior to 11.1.19 contained a security vulnerability. This vulnerability stemmed from the recursive invocation of...
nest 安全漏洞
nest is a Node.js framework developed by Nestjs, designed for building efficient, scalable, and enterprise-level server-side applications using TypeScript/JavaScript. Version 11.1.13 of nest contains a security vulnerability. This vulnerability arises from NestJS applications that utilize...
CVE-2025-54782
Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution RCE vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API...
CVE-2025-54782 @nestjs/devtools-integration's CSRF to Sandbox Escape Allows for RCE against JS Developers
Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution RCE vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API...
CVE-2025-54782
CVE-2025-54782 affects the NestJS devtools-integration package (versions 0.2.0 and earlier). The vulnerability enables Remote Code Execution via a local development HTTP server endpoint, /inspector/graph/interact, which accepts JSON containing a code field and executes it in a Node.js vm.runInNew...
@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers
Summary A critical Remote Code Execution RCE vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API endpoint that uses an unsafe JavaScript sandbox safe-eval-like implementation. Due to improper...
CVE-2024-29409
File Upload vulnerability in nestjs nest v.10.3.2 allows a remote attacker to execute arbitrary code via the Content-Type header...