GMS-2019-122: Privilege Escalation in express-cart

June 3, 2019 (updated August 4, 2021)

Versions of express-cart before 1.1.6 are vulnerable to privilege escalation. This vulnerability can be exploited so that normal users can escalate their privilege and add new administrator users.

Recommendation

Update to version 1.1.6 or later.

References

github.com/advisories/GHSA-3fc5-9x9m-vqc4
github.com/mrvautin/expressCart/commit/baccaae9b0b72f00b10c5453ca00231340ad3e3b
github.com/nodejs/security-wg/blob/master/vuln/npm/469.json
hackerone.com/reports/343626
snyk.io/vuln/npm:express-cart:20180712
www.npmjs.com/advisories/730

Detect and mitigate GMS-2019-122 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →