Necessary Pigeonholing Mechanism

npm

JoinLog In
Severity: moderate

Code Injection

morgan

Overview

Verisons of morgan before 1.9.1 are vulnerable to code injection when user input is allowed into the filter or combined with a prototype pollution attack.

Remediation

Update to version 1.9.1 or later.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. Created

    2018-11-09T19:08:17.215Z

  2. Updated

    2018-11-09T19:08:31.825Z