Description
Unrestricted file upload (RCE) in the express-cart module before 1.1.7 allows a privileged user to gain access to the hosting machine.
Remediation
References
https://hackerone.com/reports/343726
Related Vulnerabilities
CVE-2019-13343 Vulnerability in maven package com.butor:portal
CVE-2020-28439 Vulnerability in npm package corenlp-js-prefab
CVE-2020-8203 Vulnerability in maven package org.webjars.npm:lodash
CVE-2022-1291 Vulnerability in maven package org.webjars.bowergithub.hhurz:tableexport.jquery.plugin
CVE-2023-22465 Vulnerability in maven package org.http4s:http4s-core_3