Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nest: Middleware Bypass on Fastify via Trailing Slash
Vulnerability Description
Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.24, an authentication bypass vulnerability exists in @nestjs/platform-fastify. When middleware is registered through NestJS's MiddlewareConsumer.forRoutes() API on the Fastify adapter, an unauthenticated client can bypass the Nest middleware registered for that route by simply appending a trailing slash (/) to the request URL. This bypass works on the default Fastify adapter configuration. This vulnerability is fixed in 11.1.24.
CVSS Information
N/A
Vulnerability Type
授权机制不正确
Vulnerability Title
nestjs Nest 授权问题漏洞
Vulnerability Description
nestjs nest是nestjs团队开源的一个 Node.js 框架,用于使用 TypeScript/JavaScript 构建高效、可扩展和企业级的服务器端应用程序。 nestjs Nest存在授权问题漏洞,该漏洞源于在Fastify适配器上的中间件注册问题,可能导致未经身份验证的客户端通过向请求URL附加斜杠绕过中间件。
CVSS Information
N/A
Vulnerability Type
N/A