CVE-2023-26108

Name of the Vulnerable Software and Affected Versions @nestjs/core versions prior to 9.0.5

Description The issue allows for Information Exposure via the StreamableFile pipe. This can be exploited when a client cancels a request while streaming a StreamableFile, resulting in the stream wrapped by the StreamableFile being kept open.

Recommendations For versions prior to 9.0.5, update to version 9.0.5 or later to resolve the issue. As a temporary workaround, consider disabling the StreamableFile pipe until a patch is available. Restrict access to the StreamableFile functionality to minimize the risk of exploitation.