GHSA-3fc5-9x9m-vqc4: Duplicate Advisory: Privilege Escalation in express-cart

June 3, 2019 (updated February 3, 2026)

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-hr89-w7p6-pjmq. This link is maintained to preserve external references.

Original Description

Versions of express-cart before 1.1.6 are vulnerable to privilege escalation. This vulnerability can be exploited so that normal users can escalate their privilege and add new administrator users.

Recommendation

Update to version 1.1.6 or later.

References

github.com/advisories/GHSA-3fc5-9x9m-vqc4
github.com/mrvautin/expressCart/commit/baccaae9b0b72f00b10c5453ca00231340ad3e3b
github.com/nodejs/security-wg/blob/master/vuln/npm/469.json
hackerone.com/reports/343626
snyk.io/vuln/npm:express-cart:20180712
www.npmjs.com/advisories/730

Code Behaviors & Features

Detect and mitigate GHSA-3fc5-9x9m-vqc4 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →