Description
A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.
Remediation
References
https://hackerone.com/reports/343626
Related Vulnerabilities
CVE-2021-43797 Vulnerability in maven package io.netty:netty-codec-http
CVE-2017-14949 Vulnerability in maven package org.restlet.osgi:org.restlet
CVE-2023-42795 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2023-6293 Vulnerability in npm package sequelize-typescript
CVE-2020-7637 Vulnerability in maven package org.webjars.npm:class-transformer