Description
A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.
Remediation
References
https://hackerone.com/reports/343626
Related Vulnerabilities
CVE-2020-13920 Vulnerability in maven package org.apache.activemq:activemq-broker
CVE-2022-3952 Vulnerability in maven package com.manydesigns:portofino-microservice-launcher
CVE-2018-13339 Vulnerability in npm package angular-redactor
CVE-2020-7726 Vulnerability in npm package safe-object2
CVE-2016-10538 Vulnerability in maven package org.webjars.npm:cli