EPSS
Percentile
80.0%
accesslog is vulnerable to arbitrary code injection. The vulnerability exists in compile function in compile.js due to lack of sanitization of inputs which allows an attacker to inject and execute arbitrary javascript code.
compile
compile.js
github.com/advisories/GHSA-8m2f-74r2-x3f2
github.com/carlos8f/node-accesslog/blob/master/lib/compile.js#L6
github.com/carlos8f/node-accesslog/blob/master/lib/compile.js%23L6