CVE-2018-12457: express-cart allows any user to create an admin user
Express-Cart before 1.1.6 allows remote attackers to create an admin user via an /admin/setup Referer header.
References
- github.com/advisories/GHSA-hr89-w7p6-pjmq
- github.com/mrvautin/expressCart
- github.com/mrvautin/expressCart/commit/baccaae9b0b72f00b10c5453ca00231340ad3e3b
- github.com/nodejs/security-wg/blob/main/vuln/npm/469.json
- hackerone.com/reports/343626
- nvd.nist.gov/vuln/detail/CVE-2018-12457
- snyk.io/vuln/npm:express-cart:20180712
- www.npmjs.com/advisories/730
- www.npmjs.com/package/express-cart?activeTab=versions