Description
A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.
Remediation
References
https://hackerone.com/reports/343626
Related Vulnerabilities
CVE-2020-10693 Vulnerability in maven package org.hibernate.validator:hibernate-validator
CVE-2023-39013 Vulnerability in maven package no.priv.garshol.duke:duke
CVE-2019-13127 Vulnerability in maven package org.webjars.bower:mxgraph
CVE-2017-16108 Vulnerability in npm package gaoxiaotingtingting
CVE-2023-34453 Vulnerability in maven package org.xerial.snappy:snappy-java