morgan@1.3.2 vulnerabilities | morgan 1.3.2

Vulnerabilities	1 via 1 paths
Dependencies	4
Source	npm

Find a vulnerability free version of morgan | View morgan package health on Snyk Advisor

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications

Severity

Critical
High
Medium
1
Low

Status

Open
1
Patched
0
Ignored
0

medium severity

Arbitrary Code Injection

Vulnerable module: morgan
Introduced through: morgan@1.3.2

Detailed paths

Introduced through: morgan@1.3.2

Remediation: Upgrade to morgan@1.9.1.

Overview

morgan is a HTTP request logger middleware for node.js.

Affected versions of this package are vulnerable to Arbitrary Code Injection. An attacker could use the format parameter to inject arbitrary commands.

Remediation

Upgrade morgan to version 1.9.1 or higher.

References

GitHub Commit
HackerOne Report

Arbitrary Code Injection vulnerability report

Vulnerabilities

Dependencies