Description
Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine.
Remediation
References
https://hackerone.com/reports/343726
Related Vulnerabilities
CVE-2017-16095 Vulnerability in npm package serverliujiayi1
CVE-2020-6464 Vulnerability in npm package electron
CVE-2023-29529 Vulnerability in npm package matrix-js-sdk
CVE-2018-1002200 Vulnerability in maven package org.codehaus.plexus:plexus-archiver
CVE-2020-28502 Vulnerability in maven package org.webjars.npm:xmlhttprequest