Description
A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.
Remediation
References
https://hackerone.com/reports/343626
Related Vulnerabilities
CVE-2020-7773 Vulnerability in npm package markdown-it-highlightjs
CVE-2020-8237 Vulnerability in maven package org.webjars.bower:json-bigint
CVE-2021-23639 Vulnerability in npm package md-to-pdf
CVE-2020-36048 Vulnerability in npm package engine.io
CVE-2020-2282 Vulnerability in maven package org.jenkins-ci.plugins:implied-labels