GHSA-3fc5-9x9m-vqc4

Опубликовано: 03 июн. 2019

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

Privilege Escalation in express-cart

Versions of express-cart before 1.1.6 are vulnerable to privilege escalation. This vulnerability can be exploited so that normal users can escalate their privilege and add new administrator users.

Recommendation

Update to version 1.1.6 or later.

Ссылки

https://github.com/mrvautin/expressCart/commit/baccaae9b0b72f00b10c5453ca00231340ad3e3b
https://hackerone.com/reports/343626
https://github.com/nodejs/security-wg/blob/master/vuln/npm/469.json
https://snyk.io/vuln/npm:express-cart:20180712
https://www.npmjs.com/advisories/730

Пакеты

Наименование

express-cart

npm

Затронутые версииВерсия исправления

< 1.1.6

1.1.6

9.8 Critical

CVSS3

9.8 Critical

CVSS3