File Upload Vulnerability in NestJS Framework by NestJS
CVE-2024-29409

Currently unrated

Key Information:

Vendor: NestJS
Status: NestJS Framework
Vendor: CVE Published:; 14 March 2025

What is CVE-2024-29409?

A vulnerability exists in NestJS version 10.3.2 that allows remote attackers to execute arbitrary code through crafted Content-Type headers during file uploads. This issue could potentially compromise the security of applications built with this framework, enabling attackers to exploit the flaw by sending specially designed requests.

References

https://github.com/nestjs/nest/issues/13311#issuecomment-...

https://gist.github.com/aydinnyunus/801342361584d1491c67a...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 14, 2025
Vulnerability Reserved
Mar 19, 2024

CVE-2024-29409 Data

JSON