11 matches found
EUVD-2022-6553
Malicious code in bioql PyPI...
Remote Code Execution
morgan-json is vulnerable to remote code execution. The vulnerability exists due to missing sanitization of user input passed to the module.exports function, which allows remote attackers to inject and execute malicious code...
@amirmarmul/waba-common (>=2.2.51 <=2.9.8), @aptana/multichannel-common (>=2.9.12 <=2.9.19) +14 more potentially affected by CVE-2022-25921 via morgan-json (=1.1.0)
morgan-json NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on morgan-json and may be impacted: - @amirmarmul/waba-common =2.2.51, =2.9.12, =1.0.0, =1.1.3, =1.0.0, =1.0.3, =0.11.0, =2.0.0, =0.0.5, =1.0.0, =0.1.0, =1.1.0, =0.0.1, =2.1.5...
GHSA-FWV4-6MXC-X5H3 morgan-json vulnerable to Arbitrary Code Execution
All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor...
morgan-json vulnerable to Arbitrary Code Execution
All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor...
CVE-2022-25921
All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor...
Design/Logic Flaw
All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor...
CVE-2022-25921
CVE-2022-25921 affects the JavaScript package morgan-json. The vulnerability stems from missing sanitization of input passed to the Function constructor, enabling Arbitrary Code Execution. Multiple sources (Snyk, Veracode, GitHub advisories, OSV, CVE list) concur that all versions of morgan-jso...
CVE-2022-25921
All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor...
Arbitrary Code Execution
Overview: morgan-json is a variant of morgan.compile that provides format functions that output JSON. Affected versions of this package are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor. PoC (js): var PUT = require('morgan-json');...
@amirmarmul/waba-common (>=2.2.51 <=2.9.8), @aptana/multichannel-common (>=2.9.12 <=2.9.19) +14 more potentially affected by CVE-2022-25921 via morgan-json (=1.1.0)
morgan-json NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on morgan-json and may be impacted: - @amirmarmul/waba-common =2.2.51, =2.9.12, =1.0.0, =1.1.3, =1.0.0, =1.0.3, =0.11.0, =2.0.0, =0.0.5, =1.0.0, =0.1.0, =1.1.0, =0.0.1, =2.1.5...