morgan@1.2.3

Vulnerabilities: 1 via 1 paths
Dependencies: 5
Source: npm


medium severity

Arbitrary Code Injection

  • Vulnerable module: morgan
  • Introduced through: morgan@1.2.3

Detailed paths

  • Introduced through: morgan@1.2.3
    Remediation: Upgrade to morgan@1.9.1.

Overview

morgan is an HTTP request logger middleware for Node.js.

Affected versions of this package are vulnerable to Arbitrary Code Injection. An attacker could use the format parameter to inject arbitrary commands.

Remediation

Upgrade morgan to version 1.9.1 or higher.
