Description
All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor.
Remediation
References
https://github.com/indexzero/morgan-json/blob/3a76010215a4256d41687d082cd66c4f00ea5717/index.js%23L46
https://security.snyk.io/vuln/SNYK-JS-MORGANJSON-2976193
Related Vulnerabilities
CVE-2018-3738 Vulnerability in npm package protobufjs
CVE-2020-14967 Vulnerability in maven package org.webjars.npm:jsrsasign
CVE-2023-36479 Vulnerability in maven package org.eclipse.jetty.ee10:jetty-ee10-servlets
CVE-2022-36157 Vulnerability in maven package com.xuxueli:xxl-job
CVE-2022-36127 Vulnerability in npm package skywalking-backend-js