Security
Headlines

Headlines Latest CVEs

Headline

GHSA-4jpv-8r57-pv7j: @nestjs/core vulnerable to Information Exposure via StreamableFile pipe

Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is streaming a StreamableFile, the stream wrapped by the StreamableFile will be kept open.

1 year ago

#vulnerability #js #git

@nestjs/core vulnerable to Information Exposure via StreamableFile pipe

Low severity GitHub Reviewed Published Mar 6, 2023 to the GitHub Advisory Database • Updated Mar 8, 2023

Related news

CVE-2023-26108: fix: use pipeline over stream.pipe by jmcdo29 · Pull Request #9819 · nestjs/nest

Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is streaming a StreamableFile, the stream wrapped by the StreamableFile will be kept open.

1 year ago

#vulnerability #js

ghsa: Latest News

GHSA-hqmp-g7ph-x543: TunnelVision - decloaking VPNs using DHCP

1 day ago

GHSA-j5vv-6wjg-cfr8: changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal

1 day ago

GHSA-w95c-7994-ghpr: TCPDF has incorrect comparison

2 days ago

GHSA-qx95-cwh6-9mvq: TCPDF missing character escape on error messages

2 days ago

GHSA-9mgx-552f-59p6: TCPDF missing certificate validation

2 days ago