CVE-2024-29409

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-29409

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-29409.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-29409

Aliases

GHSA-cj7v-w2c7-cp7c

Published

2025-03-14T18:15:27.980Z

Modified

2026-03-12T02:54:45.513620Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L CVSS Calculator

Summary

[none]

Details

File Upload vulnerability in nestjs nest v.10.3.2 allows a remote attacker to execute arbitrary code via the Content-Type header.

References

Affected packages

Git / github.com/nestjs/nest

Affected ranges

Type

GIT

Repo

https://github.com/nestjs/nest

Events

Introduced

Last affected

a35938a06c6874fbc1a2faa5d040e273d6cf2282

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.3.2"
        }
    ]
}

Affected versions

6.*

6.3.1

v10.*

v10.0.0

v10.0.1

v10.0.2

v10.0.3

v10.0.4

v10.0.5

v10.1.0

v10.1.1

v10.1.2

v10.1.3

v10.2.0

v10.2.1

v10.2.10

v10.2.2

v10.2.3

v10.2.4

v10.2.5

v10.2.6

v10.2.7

v10.2.8

v10.2.9

v10.3.0

v10.3.1

v10.3.2

v4.*

v4.4.0

v4.4.1

v4.4.2

v4.5.0

v4.5.1

v4.5.10

v4.5.11

v4.5.12

v4.5.2

v4.5.3

v4.5.4

v4.5.5

v4.5.6

v4.5.8

v4.5.9

v4.6.1

v4.6.2

v4.6.3

v4.6.4

v4.6.5

v4.6.6

v5.*

v5.0.0

v5.0.0-beta.0

v5.0.0-beta.1

v5.0.0-beta.2

v5.0.0-beta.3

v5.0.0-beta.4

v5.0.0-beta.6

v5.0.0-beta.7

v5.0.0-beta.8

v5.0.0-rc.1

v5.0.0-rc.2

v5.0.0-rc.3

v5.0.0-rc.4

v5.0.1

v5.1.0

v5.2.0

v5.2.1

v5.2.2

v5.3.0

v5.3.1

v5.3.10

v5.3.11

v5.3.12

v5.3.13

v5.3.14

v5.3.15

v5.3.2

v5.3.3

v5.3.4

v5.3.5

v5.3.6

v5.3.7

v5.3.7-postinstall-next

v5.3.8

v5.3.9

v5.4.0

v5.4.1

v5.5.0

v5.6.0

v5.6.1

v5.6.2

v5.7.0

v5.7.1

v5.7.2

v5.7.3

v5.7.4

v6.*

v6.0.0

v6.0.0-rc.1

v6.0.1

v6.0.2

v6.0.3

v6.0.4

v6.0.5

v6.1.0

v6.1.1

v6.10.0

v6.10.1

v6.10.10

v6.10.11

v6.10.12

v6.10.13

v6.10.14

v6.10.2

v6.10.3

v6.10.4

v6.10.5

v6.10.6

v6.10.7

v6.10.8

v6.10.9

v6.11.0

v6.11.1

v6.11.10

v6.11.11

v6.11.2

v6.11.3

v6.11.4

v6.11.5

v6.11.6

v6.11.7

v6.11.8

v6.11.9

v6.2.0

v6.2.1

v6.2.2

v6.2.3

v6.2.4

v6.3.0

v6.3.1

v6.3.2

v6.4.0

v6.4.1

v6.5.0

v6.5.1

v6.5.2

v6.5.3

v6.6.0

v6.6.1

v6.6.2

v6.6.3

v6.6.4

v6.6.5

v6.6.6

v6.6.7

v6.7.0

v6.7.1

v6.7.2

v6.8.0

v6.8.1

v6.8.2

v6.8.3

v6.8.4

v6.8.5

v6.9.0

v7.*

v7.0.0

v7.0.1

v7.0.10

v7.0.11

v7.0.12

v7.0.13

v7.0.2

v7.0.3

v7.0.4

v7.0.5

v7.0.6

v7.0.7

v7.0.8

v7.0.9

v7.1.0

v7.1.1

v7.1.2

v7.1.3

v7.2.0

v7.3.0

v7.3.1

v7.3.2

v7.4.0

v7.4.1

v7.4.2

v7.4.3

v7.4.4

v7.5.0

v7.5.1

v7.5.2

v7.5.3

v7.5.4

v7.5.5

v7.6.0

v7.6.1

v7.6.10

v7.6.11

v7.6.12

v7.6.13

v7.6.14

v7.6.15

v7.6.16

v7.6.17

v7.6.18

v7.6.2

v7.6.3

v7.6.4

v7.6.5

v7.6.6

v7.6.7

v7.6.8

v7.6.9

v8.*

v8.0.0

v8.0.1

v8.0.10

v8.0.11

v8.0.2

v8.0.3

v8.0.4

v8.0.5

v8.0.6

v8.0.7

v8.0.8

v8.0.9

v8.1.0

v8.1.1

v8.1.2

v8.2.0

v8.2.1

v8.2.2

v8.2.3

v8.2.4

v8.2.5

v8.2.6

v8.3.0

v8.3.1

v8.4.0

v8.4.1

v8.4.2

v8.4.3

v8.4.4

v8.4.5

v8.4.6

v8.4.7

v9.*

v9.0.0

v9.0.1

v9.0.10

v9.0.11

v9.0.2

v9.0.3

v9.0.4

v9.0.5

v9.0.6

v9.0.7

v9.0.8

v9.0.9

v9.1.0

v9.1.1

v9.1.2

v9.1.3

v9.1.4

v9.1.5

v9.1.6

v9.2.0

v9.2.1

v9.3.0

v9.3.0-beta.1

v9.3.0-beta.2

v9.3.0-beta.3

v9.3.1

v9.3.10

v9.3.11

v9.3.12

v9.3.2

v9.3.3

v9.3.4

v9.3.5

v9.3.6

v9.3.7

v9.3.8

v9.3.9

v9.4.0

v9.4.1

v9.4.2

v9.4.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-29409.json"