## NestJS Backend Exposes Internal Stack Traces in Production Due to Missing Exception Filter
A critical security gap has been identified in the application's error handling. The backend service, built on NestJS, has no globally registered exception filter, so what an API consumer sees when an unhandled error occurs is whatever the framework defaults and the throwing code happen to produce. This is more than a development inconvenience: error responses that carry internal detail help an attacker map the system's architecture, identify the database technology in use, and learn the layout of the file system.

The gap is in `backend/src/main.ts`, where no custom exception filter is registered. Nest's built-in filter collapses any exception that is not an `HttpException` into a generic `500 Internal server error` and logs the detail server-side, but it returns the body of every `HttpException` verbatim. Code that wraps a caught database or library error in an `HttpException`, or rethrows it with its original message, therefore sends that message to the client, and errors raised outside Nest's handler chain (in Express middleware, for example) fall through to Express's default handler, which writes the full stack trace into the response unless `NODE_ENV` is `production`. Every controller relies on these defaults, so the exposure is systemic rather than isolated, and without centralized handling the API has no consistent error response format.

Security researchers and automated vulnerability scanners routinely probe APIs for exactly this kind of information leakage. Leaked error detail can include database error messages (host names, table and column names, the failing query), internal file paths from stack frames, and the names and versions of the libraries in use: intelligence that lowers the barrier for targeted attacks. The recommended remediation is a global `AllExceptionsFilter` at `backend/src/common/filters/http-exception.filter.ts`, registered in the application bootstrap with `app.useGlobalFilters(...)`, that logs the full exception server-side and returns a fixed, sanitized body to clients regardless of environment settings.
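The remediation described above, as an added example that is not the issue's or the project's code: a sanitizing `AllExceptionsFilter` with the response-shaping logic factored into a pure function so it can be tested without a running server. Because it has to run here without `@nestjs/common` installed, the Nest types it touches (`ArgumentsHost`, `HttpException`, the Express response) are stood in for by minimal structural interfaces, an assumption noted in the code; in the project the class would carry Nest's `@Catch()` decorator, implement `ExceptionFilter`, and be registered in `main.ts` with `app.useGlobalFilters(new AllExceptionsFilter())`. The policy it applies (pass 4xx `HttpException`s through unchanged, collapse every other throwable to one fixed body, log the original server-side) is an illustrative choice, and the constructed errors in the comments are samples, not captured data.

```typescript
// Added example (not the project's code): a sanitizing global exception filter
// for a NestJS backend. The interfaces below are assumptions that mirror only
// the parts of Nest's ArgumentsHost / HttpException shape the filter touches,
// so the block runs without '@nestjs/common' installed. In the real project:
//   import { Catch, ExceptionFilter, ArgumentsHost } from '@nestjs/common';
//   @Catch() class AllExceptionsFilter implements ExceptionFilter { ... }
//   app.useGlobalFilters(new AllExceptionsFilter());   // in main.ts bootstrap

interface HttpResponseLike {
  status(code: number): HttpResponseLike;
  json(body: unknown): void;
}

interface ArgumentsHostLike {
  switchToHttp(): {
    getResponse(): HttpResponseLike;
    getRequest(): { url?: string; method?: string };
  };
}

// Nest's HttpException exposes getStatus() and getResponse(); a structural
// check stands in for `instanceof HttpException` here.
interface HttpExceptionLike {
  getStatus(): number;
  getResponse(): string | Record<string, unknown>;
}

function isHttpException(err: unknown): err is HttpExceptionLike {
  const e = err as Partial<HttpExceptionLike> | null;
  return typeof e === 'object' && e !== null &&
    typeof e.getStatus === 'function' && typeof e.getResponse === 'function';
}

interface SafeErrorBody {
  statusCode: number;
  error: string;
  message: string | string[];
  path?: string;
  timestamp: string;
}

const GENERIC_5XX = 'Internal server error';

// Pure mapping from "whatever was thrown" to a client-safe body.
// Rules: 4xx HttpExceptions are authored by the application, so their status
// and message pass through (class-validator errors arrive as message[]).
// Everything else (5xx HttpExceptions, plain Errors, database driver errors,
// thrown strings) collapses to one fixed body: nothing from .stack, .message
// or .query of an unknown error ever reaches the client.
function toSafeErrorBody(err: unknown, path?: string): SafeErrorBody {
  const timestamp = new Date().toISOString();
  if (isHttpException(err) && err.getStatus() < 500) {
    const status = err.getStatus();
    const res = err.getResponse();
    if (typeof res === 'string') {
      return { statusCode: status, error: 'Client error', message: res, path, timestamp };
    }
    const msg = res.message;
    const message = typeof msg === 'string' || Array.isArray(msg) ? msg : String(status);
    const errName = res.error;
    const error = typeof errName === 'string' ? errName : 'Client error';
    return { statusCode: status, error, message, path, timestamp };
  }
  const statusCode = isHttpException(err) ? err.getStatus() : 500;
  return { statusCode, error: 'Server error', message: GENERIC_5XX, path, timestamp };
}

class AllExceptionsFilter {
  // The logger is injectable so the server-side record can be captured in a
  // test; the project would use Nest's own Logger here.
  constructor(
    private readonly log: (context: string, err: unknown) => void = console.error,
  ) {}

  catch(exception: unknown, host: ArgumentsHostLike): SafeErrorBody {
    const ctx = host.switchToHttp();
    const req = ctx.getRequest();
    const body = toSafeErrorBody(exception, req.url);
    if (body.statusCode >= 500) {
      // The full exception (stack, driver message, query text) stays in server logs only.
      this.log(`${req.method ?? '?'} ${req.url ?? '?'} -> ${body.statusCode}`, exception);
    }
    ctx.getResponse().status(body.statusCode).json(body);
    return body;
  }
}
```

Registering with `app.useGlobalFilters()` keeps the filter outside Nest's dependency-injection scope; if the filter needs an injected logger or config service, register it instead as an `APP_FILTER` provider in the root module. Either way, the point to verify after deployment is that a deliberately provoked 500 (a query against a missing table, for instance) returns only the fixed body and that the driver message appears solely in the server log.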
---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: nestjs, security-vulnerability, exception-filter, stack-trace-leak, production-security
- **Credibility**: unverified
- **Published**: 2026-04-26 06:54:06
- **ID**: 77158
- **URL**: https://whisperx.ai/en/intel/77158