Lucene search
GoogleOSV:GHSA-GWG9-RGVJ-4H5JHistoryMar 25, 2019 - 6:03 p.m.
Code Injection in morgan
2019-03-2518:03:23
Google
osv.dev
14
EPSS
0.006
Percentile
78.1%
Verisons of morgan before 1.9.1 are vulnerable to code injection when user input is allowed into the filter or combined with a prototype pollution attack.
Recommendation
Update to version 1.9.1 or later.
References
github.com/advisories/GHSA-gwg9-rgvj-4h5j
github.com/nodejs/security-wg/blob/master/vuln/npm/473.json
hackerone.com/reports/390881
lists.apache.org/thread.html/r8ba4c628fba7181af58817d452119481adce4ba92e889c643e4c7dd3@%3Ccommits.netbeans.apache.org%3E
lists.apache.org/thread.html/rb5ac16fad337d1f3bb7079549f97d8166d0ef3082629417c39f12d63@%3Cnotifications.netbeans.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2019-5413
www.npmjs.com/advisories/736
Related
cvelist
cvelist
CVE-2019-5413
2019-03-17 19:36:35
githubexploit
githubexploit
Exploit for Command Injection in Morgan Project Morgan
2020-12-01 09:18:58
Exploit for Command Injection in Morgan Project Morgan
2021-02-16 07:25:57
Exploit for Command Injection in Morgan Project Morgan
2021-02-04 00:02:59
osv
osv
CVE-2019-5413
2019-03-21 16:01:05
nvd
nvd
CVE-2019-5413
2019-03-21 16:01:05
veracode
veracode
Prototype Pollution
2018-10-29 08:53:21
prion
prion
Design/Logic Flaw
2019-03-21 16:01:00
hackerone
hackerone
Node.js third-party modules: Code Injection Vulnerability in morgan Package
2018-08-06 12:09:05
github
github
Code Injection in morgan
2019-03-25 18:03:23
redhatcve
redhatcve
CVE-2019-5413
2020-04-14 19:26:54
cve
cve
CVE-2019-5413
2019-03-21 16:01:05