CVE-2024-29409
nest allows a remote attacker to execute arbitrary code via the Content-Type header
CVSS 3.1: 5.5 (MEDIUM)
EPSS: 0.34%
Description
File Upload vulnerability in nestjs nest prior to v.11.0.16 allows a remote attacker to execute arbitrary code via the Content-Type header.
How to fix CVE-2024-29409
To remediate CVE-2024-29409, upgrade the affected package to a fixed version listed below.
- npm/@nestjs/common: upgrade to 11.0.16 or later
Is CVE-2024-29409 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- npm/@nestjs/common: >= 11.0.0-next.1, < 11.0.16
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L |