2 matches found
UBUNTU-CVE-2026-5078
Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...
morgan-json 安全漏洞
morgan-json is a variant of morgan.compile by Charlie Robbins, an American personal developer, which provides formatting functions that output JSON. A security vulnerability exists in all versions of morgan-json, which stems from a lack of sanitization of the input passed to the Function...