Description
A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.
Remediation
References
https://hackerone.com/reports/343626
Related Vulnerabilities
CVE-2021-29438 Vulnerability in npm package dialogs
CVE-2013-6372 Vulnerability in maven package org.jenkins-ci.plugins:subversion
CVE-2022-36889 Vulnerability in maven package org.jenkins-ci.plugins:deployer-framework
CVE-2021-23358 Vulnerability in maven package org.webjars.bowergithub.jashkenas:underscore
CVE-2022-24839 Vulnerability in maven package net.sourceforge.nekohtml:nekohtml