Description
express-cart allows any user to create an admin user
Express-Cart before 1.1.6 allows remote attackers to create an admin user via an /admin/setup Referer header.
References
- https://nvd.nist.gov/vuln/detail/CVE-2018-12457
- https://github.com/mrvautin/expressCart/commit/baccaae9b0b72f00b10c5453ca00231340ad3e3b
- https://hackerone.com/reports/343626
- https://github.com/nodejs/security-wg/blob/main/vuln/npm/469.json
- https://snyk.io/vuln/npm:express-cart:20180712
- https://www.npmjs.com/advisories/730
- https://www.npmjs.com/package/express-cart?activeTab=versions
Packages
- Name: express-cart (npm)
- Affected versions: < 1.1.6
- Fixed version: 1.1.6
Related vulnerabilities
CVSS3: 8.8
nvd
more than 7 years ago
expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header.