CVE-2023-26108: Infoleak
Published Mar 6, 2023
Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. The vulnerability can be exploited when the client cancels a request while it is streaming a StreamableFile: the stream wrapped by the StreamableFile is then kept open.
Affected Software
1 affected component
nestjs Nest Node.js < 9.0.5
Remediation
Patch Available
Event History
Mar 6, 2023
CVE Published
via MITRE·05:00 AM
Data Sourced
via MITRE·05:00 AM
Frequently Asked Questions
1. What is the severity of CVE-2023-26108?
CVE-2023-26108 is classified as a moderate severity vulnerability.
2. How do I fix CVE-2023-26108?
To remediate CVE-2023-26108, update the @nestjs/core package to version 9.0.5 or later.
3. What type of vulnerability is CVE-2023-26108?
CVE-2023-26108 is an Information Exposure vulnerability.
4. What happens if CVE-2023-26108 is exploited?
Exploiting CVE-2023-26108 can result in the stream remaining open if a client cancels a request during file streaming.
5. Which versions of NestJS are affected by CVE-2023-26108?
CVE-2023-26108 affects versions of @nestjs/core prior to 9.0.5.