2 matches found
@nestjs/core Improperly Neutralizes Special Elements in Output Used by a Downstream Component ('Injection')
Impact What kind of vulnerability is it? Who is impacted? SseStream.transform interpolates message.type and message.id directly into Server-Sent Events text protocol output without sanitizing newline characters \r, \n. Since the SSE protocol treats both \r and \n as field delimiters and \n\n as...
PT-2026-30760
Name of the Vulnerable Software and Affected Versions Nest versions prior to 11.1.18 Description The SseStream. transform function interpolates message.type and message.id directly into Server-Sent Events text protocol output without sanitizing newline characters r, . Because the SSE protocol use...