Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nhost Storage Affected by MIME Type Spoofing via Trusted Client Content-Type Header in Storage Upload
Vulnerability Description
Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.12.0, the storage service's file upload handler trusts the client-provided Content-Type header without performing server-side MIME type detection. This allows an attacker to upload files with an arbitrary MIME type, bypassing any MIME-type-based restrictions configured on storage buckets. This issue has been patched in version 0.12.0.
CVSS Information
N/A
Vulnerability Type
对数据真实性的验证不充分
Vulnerability Title
Nhost 数据伪造问题漏洞
Vulnerability Description
Nhost是Nhost开源的一个后端即服务平台。 Nhost 0.12.0之前版本存在数据伪造问题漏洞,该漏洞源于存储服务的文件上传处理程序信任客户端提供的Content-Type标头而未进行服务器端MIME类型检测,可能导致攻击者上传任意MIME类型的文件,绕过存储桶的MIME类型限制。
CVSS Information
N/A
Vulnerability Type
N/A