Nhost Storage Service MIME Type Spoofing Vulnerability
Vulnerability
The file upload handler in the Nhost storage service, in versions prior to 0.12.0, trusts the client-supplied Content-Type header and performs no server-side MIME type verification. An attacker can therefore upload a file under any MIME type, circumventing the MIME type restrictions set on storage buckets. The vulnerability has been addressed in version 0.12.0.
Impact
Exploiting this vulnerability leaves file metadata with an incorrect MIME type, so systems that rely on this metadata, such as browsers, CDNs, and applications, may mishandle the file.
Reproduction
The vulnerability can be reproduced by uploading a file through the storage service while specifying a Content-Type header that is not 'application/octet-stream'. The server will accept the file based on the provided header without verifying its actual content, bypassing any existing MIME type restrictions.
Remediation
Users can update to Nhost version 0.12.0 or later, where this vulnerability has been fixed.
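The check whose absence the advisory describes, sketched in Go as an added example (this is not Nhost's code or its actual fix). The `Bucket` type, the function names and the sample upload are hypothetical; the sniffing uses the standard library's `http.DetectContentType`.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Bucket is a hypothetical stand-in for a storage bucket's MIME allow-list.
type Bucket struct{ AllowedMIME []string }

func (b Bucket) allows(mime string) bool {
	for _, m := range b.AllowedMIME {
		if m == mime {
			return true
		}
	}
	return false
}

// baseType strips parameters such as "; charset=utf-8" from a media type.
func baseType(ct string) string {
	return strings.TrimSpace(strings.SplitN(ct, ";", 2)[0])
}

// TrustHeader models the flawed decision: only the client-supplied header is checked.
func TrustHeader(b Bucket, declared string, _ []byte) (string, bool) {
	mt := baseType(declared)
	return mt, b.allows(mt)
}

// VerifyContent ignores the declared type, sniffs the body server-side and checks that.
func VerifyContent(b Bucket, _ string, body []byte) (string, bool) {
	detected := baseType(http.DetectContentType(body))
	return detected, b.allows(detected)
}

func main() {
	bucket := Bucket{AllowedMIME: []string{"image/png", "image/jpeg"}}
	// Constructed sample: HTML bytes uploaded with a Content-Type claiming PNG.
	body := []byte("<html><body>not an image</body></html>")
	mt, ok := TrustHeader(bucket, "image/png", body)
	fmt.Println("trust header:  ", mt, ok)
	mt, ok = VerifyContent(bucket, "image/png", body)
	fmt.Println("verify content:", mt, ok)
}
```

`http.DetectContentType` inspects at most the first 512 bytes and falls back to `application/octet-stream` for content it does not recognise, so the type it returns is the one to record in file metadata, not the header value.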
