45 matches found
CVE-2026-33221 Nhost Storage Affected by MIME Type Spoofing via Trusted Client Content-Type Header in Storage Upload
Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.12.0, the storage service's file upload handler trusts the client-provided Content-Type header without performing server-side MIME type detection. This allows an attacker to upload files with an arbitrary MIME type,...
CVE-2026-33221
CVE-2026-33221 affects the Nhost storage upload component. Before v0.12.0, the storage service trusts the client-provided Content-Type header and does not perform server-side MIME type detection, enabling an attacker to upload files with arbitrary MIME types and bypass MIME-type-based bucket rest...
CVE-2026-33221 Nhost Storage Affected by MIME Type Spoofing via Trusted Client Content-Type Header in Storage Upload
Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.12.0, the storage service's file upload handler trusts the client-provided Content-Type header without performing server-side MIME type detection. This allows an attacker to upload files with an arbitrary MIME type,...
Nhost 数据伪造问题漏洞
Nhost is an open-source backend service platform developed by Nhost. Versions of Nhost prior to 0.12.0 had a data manipulation vulnerability. This vulnerability stemmed from the file upload processing mechanism in the storage service, which trusted the Content-Type header provided by the client...
Malicious code in typescript-nhost (npm)
The package 'typescript-nhost' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...