5 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-5078
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log strea...
Improper Output Neutralization for Logs
Overview: morgan is an HTTP request logger middleware for Node.js. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the :remote-user token, which extracts the Basic auth username from the Authorization header and writes it to the log stream without...
CVE-2026-5078 morgan vulnerable to Log Forging via unneutralized control characters in :remote-user
Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...
013-carrousel-multipe (=1.0.0), 0303-lb3-paket (=1.0.1) +18318 more potentially affected by CVE-2019-5413 via morgan (>=1.0.0 <=1.9.0)
morgan NPM version =1.0.0, =1.1.0, =1.0.2, =1.0.1, =1.0.2 and more Source cves: CVE-2019-5413 Source advisory: OSV:GHSA-GWG9-RGVJ-4H5J...
GHSA-GWG9-RGVJ-4H5J Code Injection in morgan
Versions of morgan before 1.9.1 are vulnerable to code injection when user input is allowed into the filter or combined with a prototype pollution attack. Recommendation: Update to version 1.9.1 or later...