Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.18, SseStream._transform() interpolates message.type and message.id directly into Server-Sent Events text protocol output without sanitizing newline characters (\r, \n). Since the SSE protocol treats both \r and \n as field delimiters and \n\n as event boundaries, an attacker who can influence these fields through upstream data sources can inject arbitrary SSE events, spoof event types, and corrupt reconnection state. This vulnerability is fixed in 11.1.18.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XNestjs Nest
APPNestjs< 11.1.18
Related vulnerabilities
Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.19, when an attacker...
Nest is a framework for building scalable Node.js server-side applications. In versions 11.1.15 and below, a N...
A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middlewar...
Nest is a framework for building scalable Node.js server-side applications. Versions prior to 11.1.11 have a F...
File Upload vulnerability in nestjs nest v.10.3.2 allows a remote attacker to execute arbitrary code via the C...