@nestjs/core/.../core@4.6.1-0 vulnerabilities

Nest - modern, fast, powerful node.js web framework (@core)

  • latest version

    10.4.15

  • latest non vulnerable version

  • first published

    7 years ago

  • latest version published

    6 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the @nestjs/core package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • L
    Information Exposure

    @nestjs/core is a Nest - modern, fast, powerful node.js web framework (@core)

    Affected versions of this package are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is streaming a StreamableFile, the stream wrapped by the StreamableFile will be kept open.

    How to fix Information Exposure?

    Upgrade @nestjs/core to version 9.0.5 or higher.

    <9.0.5