Morgan
Monthly
An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.