269 matches found
CVE-2026-5078
Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...
EUVD-2026-34067
Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...
CVE-2026-5078 morgan vulnerable to Log Forging via unneutralized control characters in :remote-user
Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...
CVE-2026-5078
CVE-2026-5078 affects the morgan logging middleware; versions 1.2.0 through 1.10.1 write the Basic auth username from the Authorization header into logs without neutralizing CR/LF control characters, enabling log forgery. Affected formats include built-in combined, common, default, short, and any...
PT-2026-45901
Name of the Vulnerable Software and Affected Versions: morgan versions 1.2.0 through 1.10.1. Description: The logging middleware fails to neutralize control characters when the :remote-user token extracts the Basic auth username from the Authorization request header. An unauthenticated attacker can...
EUVD-2025-178660
Malicious code in greatfilter-nova-morgan-private npm...
EUVD-2025-178145
Malicious code in leda-morgan-xanthus-ophiuchus npm...
EUVD-2025-176628
Malicious code in rimraf-playwright-morgan-norma npm...
EUVD-2025-179568
Malicious code in coronalmassejection-sirius-morgan-process npm...
EUVD-2025-178517
Malicious code in holography-commitizen-kardashevscale-morgan npm...
MAL-2025-187425 Malicious code in ignite-configstore-morgan-kastra (npm)
Source: amazon-inspector 8906d0c8e8c3c3b8deed98d2a4f08dad36cbf617d92d432626f92cb068681443. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-176902
Malicious code in pulsar-orogeny-heliophysics-morgan npm...
EUVD-2025-177758
Malicious code in morgan-magellan-public-envconfig npm...
EUVD-2025-180018
Malicious code in blueshift-lynx-dotenv-safe-morgan npm...
EUVD-2025-179776
Malicious code in chalk-supercluster-repository-morgan npm...
EUVD-2025-178457
Malicious code in ignite-configstore-morgan-kastra npm...
EUVD-2025-177755
Malicious code in morgan-react-bootstrap-cz-conventional-changelog-helios npm...
EUVD-2025-177757
Malicious code in morgan-meteor-loop-delphinus npm...