Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is streaming a StreamableFile, the stream wrapped by the StreamableFile will be kept open.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2023-03-06T05:00:05.073Z
Updated: 2024-08-02T11:39:06.621Z
Reserved: 2023-02-20T10:28:48.922Z
Link: CVE-2023-26108
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-03-06T05:15:12.690
Modified: 2023-11-07T04:09:21.257
Link: CVE-2023-26108
Redhat
No data.