Lucene search
Redhat.comRH:CVE-2019-5413HistoryApr 14, 2020 - 7:26 p.m.
CVE-2019-5413
2020-04-1419:26:54
redhat.com
access.redhat.com
9
EPSS
0.006
Percentile
78.1%
The Node.js morgan package, before version 1.9.1, does not properly sanitize input in the compile() function, allowing for potential execution of code. This vulnerability can only be exploited by attackers with the ability to provide input to the compile() function or in combination with another prototype pollution vulnerability.
Related
cvelist
cvelist
CVE-2019-5413
2019-03-17 19:36:35
githubexploit
githubexploit
Exploit for Command Injection in Morgan Project Morgan
2020-12-01 09:18:58
Exploit for Command Injection in Morgan Project Morgan
2021-02-16 07:25:57
Exploit for Command Injection in Morgan Project Morgan
2021-02-04 00:02:59
osv
osv
CVE-2019-5413
2019-03-21 16:01:05
Code Injection in morgan
2019-03-25 18:03:23
nvd
nvd
CVE-2019-5413
2019-03-21 16:01:05
veracode
veracode
Prototype Pollution
2018-10-29 08:53:21
prion
prion
Design/Logic Flaw
2019-03-21 16:01:00
hackerone
hackerone
Node.js third-party modules: Code Injection Vulnerability in morgan Package
2018-08-06 12:09:05
github
github
Code Injection in morgan
2019-03-25 18:03:23
cve
cve
CVE-2019-5413
2019-03-21 16:01:05