Lucene search
Veracode Vulnerability DatabaseVERACODE:39590HistoryMar 08, 2023 - 8:22 a.m.
Information Exposure
2023-03-0808:22:33
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
nestjs
information exposure
vulnerability
client request sanitization
streamable-file.ts
dvi element
sensitive information
software
0.001 Low
EPSS
Percentile
32.6%
@nestjs/common, is vulnerable to information exposure. The vulnerability exists due to a lack of client request sanitization in the streamable-file.ts file, allowing an attacker to read sensitive information in the system through the DVI element.
| CPE | Name | Operator | Version |
|---|---|---|---|
| @nestjs/common | le | 9.0.4 | |
| @nestjs/platform-express | le | 9.0.4 | |
| @nestjs/common | le | 9.0.4 | |
| @nestjs/platform-express | le | 9.0.4 |
Related
cve
cve
CVE-2023-26108
2023-03-06 05:15:12
nvd
nvd
CVE-2023-26108
2023-03-06 05:15:12
osv
osv
@nestjs/core vulnerable to Information Exposure via StreamableFile pipe
2023-03-06 06:30:18
CVE-2023-26108
2023-03-06 05:15:12
prion
prion
Open redirect
2023-03-06 05:15:00
cvelist
cvelist
CVE-2023-26108
2023-03-06 05:00:05
github
github
@nestjs/core vulnerable to Information Exposure via StreamableFile pipe
2023-03-06 06:30:18