CVE-2023-52555

In mongo-express 1.0.2, /admin allows CSRF, as demonstrated by deletion of a Collection.