CVE-2024-29409: Code Injection

Q: What is the severity of CVE-2024-29409?

CVE-2024-29409 has been classified with a high severity level due to its potential to allow arbitrary code execution.

Q: How do I fix CVE-2024-29409?

To mitigate CVE-2024-29409, upgrade to NestJS version 10.4.16 or 11.0.16 or later.

Q: Which versions of NestJS are affected by CVE-2024-29409?

CVE-2024-29409 affects NestJS versions prior to 10.4.16 and versions before 11.0.16.

Q: What type of vulnerability is CVE-2024-29409?

CVE-2024-29409 is a file upload vulnerability that can be exploited via the Content-Type header.

Q: Can CVE-2024-29409 be exploited remotely?

Yes, CVE-2024-29409 allows remote attackers to execute arbitrary code.

Published Mar 14, 2025

Updated

File Upload vulnerability in nestjs nest prior to v.11.0.16 allows a remote attacker to execute arbitrary code via the Content-Type header.

Affected Software

5 affected componentsFixes available

nestjs NestJS

nestjs Nest Node.js=10.3.2

npm/@nestjs/common<10.4.16

10.4.16

npm/@nestjs/common>=11.0.0-next.1<11.0.16

11.0.16

IBM Concert Software<=1.0.0-1.1.0

Event History

Mar 14, 2025

CVE Published

via MITRE·12:00 AM

Data Sourced

via MITRE·12:00 AM

Description

Advisory Published

via GitHub·06:30 PM

Sep 1, 2025

Data Sourced

via IBM·12:00 AM

DescriptionAffected Software

Frequently Asked Questions

What is the severity of CVE-2024-29409?

CVE-2024-29409 has been classified with a high severity level due to its potential to allow arbitrary code execution.

How do I fix CVE-2024-29409?

To mitigate CVE-2024-29409, upgrade to NestJS version 10.4.16 or 11.0.16 or later.

Which versions of NestJS are affected by CVE-2024-29409?

CVE-2024-29409 affects NestJS versions prior to 10.4.16 and versions before 11.0.16.

What type of vulnerability is CVE-2024-29409?

CVE-2024-29409 is a file upload vulnerability that can be exploited via the Content-Type header.

Can CVE-2024-29409 be exploited remotely?

Yes, CVE-2024-29409 allows remote attackers to execute arbitrary code.

CVSS Score

5.5Medium

Medium Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Security Metrics

Risk Score40

Severitymedium(5.5)

CWE

Timeline

PublishedMar 14, 2025

Updated

References

+1 more references

Parent Advisories

IBM-7243699

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.