Security Vulnerability on NestJS

[aydinnyunus]

Is there an existing issue for this?

• I have searched the existing issues

Current behavior

I reported it through the email from [email protected] user but I did not get any response.

Minimum reproduction code

Steps to reproduce

No response

Expected behavior

Package

• I don't know. Or some 3rd-party package
• @nestjs/common
• @nestjs/core
• @nestjs/microservices
• @nestjs/platform-express
• @nestjs/platform-fastify
• @nestjs/platform-socket.io
• @nestjs/platform-ws
• @nestjs/testing
• @nestjs/websockets
• Other (see below)

Other package

No response

NestJS version

latest

Packages versions

latest

Node.js version

No response

In which operating systems have you tested?

• macOS
• Windows
• Linux

Other

No response

[micalevisk]

is it a vulnerability on any @nestjs/* packages or some of their dependencies?

[aydinnyunus]

is it a vulnerability on any @nestjs/* packages or some of their dependencies?

Hello, indeed, it's under @nestjs/*. I've already provided the specifics via email to [email protected].

[micalevisk]

ok. thanks.

just to let you know, I don't have access to that e-mail. Kamil should give it a shot

[aydinnyunus]

okay thank you

[kamilmysliwiec]

FileTypeValidator only verifies the mime type (as stated in the comment https://github.dev/nestjs/nest/blob/e331fb0d996b4fea11bd3ef8e76ef46e8b53b4d1/packages/common/pipes/file/file-type.validator.ts#L19)