Home > Vulnerability Database > CVE-2024-29409

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2024-29409

Good to know:

Date: March 13, 2025

File Upload vulnerability in nestjs nest v.10.3.2 allows a remote attacker to execute arbitrary code via the Content-Type header.

Severity Score

5.5

Related Resources (11)

Url: https://github.com/nestjs/nest/issues/13311#issuecomment-1993839495

Url: https://github.com/nestjs/nest/releases/tag/v11.0.16

Url: https://github.com/nestjs/nest

Url: https://github.com/nestjs/nest/issues/14876#issuecomment-2796888038

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-29409

Url: https://gist.github.com/aydinnyunus/801342361584d1491c67a820a714f53f

Url: https://github.com/nestjs/nest/pull/14881

Url: https://github.com/nestjs/nest/issues/14876

Url: https://github.com/nestjs/nest/blob/83a48b2c7396985144b7a6cd5d3bee1abb7c5d81/packages/common/pipes/file/file-type.validator.ts#L19

Url: https://github.com/nestjs/nest/releases/tag/v10.4.16

Url: https://www.mend.io/vulnerability-database/CVE-2024-29409

Severity Score

5.5

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

Top Fix

Upgrade Version

Upgrade to version @nestjs/common - 11.0.16;@nestjs/common - 10.4.16

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Do you need more information?

Contact Us