QID 983966
QID 983966: Nodejs (npm) Security Update for morgan (GHSA-gwg9-rgvj-4h5j)
Verisons of `morgan` before 1.9.1 are vulnerable to code injection when user input is allowed into the filter or combined with a prototype pollution attack. ## Recommendation Update to version 1.9.1 or later.
Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user.
Solution
Customers are advised to refer to GHSA-gwg9-rgvj-4h5j for updates pertaining to this vulnerability.
Vendor References
- GHSA-gwg9-rgvj-4h5j -
github.com/advisories/GHSA-gwg9-rgvj-4h5j
CVEs related to QID 983966
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-gwg9-rgvj-4h5j | morgan |
|