cvedb.io
CVE-2022-31069
MEDIUM · CVSS 5.8
EPSS exploitation probability: 0%
Published 2022-06-15T19:15:11.240 · Last modified 2026-06-17T04:44:43.747

Summary

NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to control when Authorization headers should should be forwarded for specific backend services configured by the application developer. This could have resulted in sensitive information such as OAuth bearer access tokens being inadvertently exposed to such services that should not see them. A new feature has been introduced in the patched version of nestjs-proxy that allows application developers to opt out of forwarding the Authorization headers on a per service basis using the `forwardToken` config setting. Developers are advised to review the README for this library on Github or NPM for further details on how this configuration can be applied. This issue has b

Affected products

finastra — nestjs-proxy

Does this affect you?

Add your gear to cvedb and we'll alert you only when finastra ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.