Skip to main content

Morgan

1 CVEs product

Monthly

CVE-2019-5413 npm CRITICAL POC PATCH Act Now

An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Node.js RCE Morgan
NVD
CVSS 3.0
9.8
EPSS
3.4%
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Node.js RCE +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy