2 matches found
013-carrousel-multipe (=1.0.0), 0303-lb3-paket (=1.0.1) +18345 more potentially affected by CVE-2019-5413 via morgan (>=1.0.0 <=1.9.0)
morgan NPM version =1.0.0, =1.1.0, =1.0.2, =1.0.1, =1.0.2 and more Source cves: CVE-2019-5413 Source advisory: OSV:GHSA-GWG9-RGVJ-4H5J...
CVE-2019-5413
An attacker can use the format parameter to inject arbitrary commands in the npm package morgan 1.9.1...