Description
A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.
Remediation
References
https://hackerone.com/reports/343626
Related Vulnerabilities
CVE-2022-39353 Vulnerability in maven package org.webjars.npm:xmldom
CVE-2022-24839 Vulnerability in maven package net.sourceforge.nekohtml:nekohtml
CVE-2022-25847 Vulnerability in npm package serve-lite
CVE-2018-16491 Vulnerability in npm package node.extend
CVE-2018-19048 Vulnerability in maven package org.webjars.bower:simditor