id
type
5 (blog/news article)
status
30 (imported + raw text content deleted)
review version
0
cleanup version
0
pending deletion
0 (-)
created at
2025-08-01 18:37:34
updated at
2025-11-08 07:54:46
url
https://socket.dev/blog/nestjs-rce-vuln
url length
39
url crc
49147
url crc32
836485115
location type
1 (url matches target location, page_location is empty)
canonical status
10 (verified canonical url)
canonical page id
domain id
domain tld
0
domain parts
0
originating warc id
-
originating url
https://socket.dev/
source type
21 (Discord)
server ip
Publication date
2025-08-09 09:19:59
Fetch attempts
0
Original html size
364213
Normalized and saved size
54661
title
Critical Vulnerability in NestJS Devtools: Localhost RCE via...
excerpt
content
Jonathan LeitschuhAugust 1, 2025Ever look at a bit of Javascript sandboxing code and say to yourself “I know I can probably break out of that”. No? Just me? Must be a security researcher thing.As a hacker, one of the best places for vulnerabilities is in servers running locally on dev machines. Why? Because browsers still haven’t patched a 19 year old security vulnerability that allows any website to cross-talk from the public internet to local services on your machine. This long-standing vulnerability allows your browser to operate as a confused deputy, allowing attackers to use your browser to pivot and make HTTP requests to your local machine.Combine that localhost server with an API endpoint that executes arbitrary code inside a sandbox that can be broken out of, and you find yourself looking at a critical RCE vulnerability.How did we get here?As part of our ongoing review of findings from Socket’s AI-based malware detection, we examined a set of alerts that were classified as pote...
author
updated
1766887210
block type
0
extracted fields
105
extracted bits
featured image
title
full content
content was extracted heuristically
detected location
0
detected language
1 (English)
category id
SEC and Crypto [en] (228)
index version
2025123101
paywall score
0
spam phrases
0
text nonlatin
0
text cyrillic
0
text characters
12505
text words
2385
text unique words
772
text lines
1
text sentences
58
text paragraphs
1
text words per sentence
41
text matched phrases
25
text matched dictionaries
8
links self subdomains
0
links other subdomains
1
links other domains
7
links spam adult
0
links spam random
0
links spam expired
0
links ext activities
0
links ext ecommerce
0
links ext finance
0
links ext crypto
0
links ext booking
0
links ext news
0
links ext leaks
0
links ext ugc
17
links ext klim
0
links ext generic
0