Description
A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.
Remediation
References
https://hackerone.com/reports/343626
Related Vulnerabilities
CVE-2021-3223 Vulnerability in npm package node-red-dashboard
CVE-2023-49145 Vulnerability in maven package org.apache.nifi:nifi-jolt-transform-json-ui
CVE-2022-25916 Vulnerability in npm package mt7688-wiscan
CVE-2020-7785 Vulnerability in npm package node-ps
CVE-2022-41940 Vulnerability in maven package org.webjars.bower:engine.io