Critical severity9.8OSV Advisory· Published Mar 21, 2019· Updated Jun 17, 2026
CVE-2019-5413
CVE-2019-5413
Description
An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
morgannpm | < 1.9.1 | 1.9.1 |
Affected products
2Patches
Vulnerability mechanics
References
9- hackerone.com/reports/390881nvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-gwg9-rgvj-4h5jghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-5413ghsaADVISORY
- github.com/nodejs/security-wg/blob/master/vuln/npm/473.jsonghsaWEB
- lists.apache.org/thread.html/r8ba4c628fba7181af58817d452119481adce4ba92e889c643e4c7dd3@%3Ccommits.netbeans.apache.org%3EghsaWEB
- lists.apache.org/thread.html/rb5ac16fad337d1f3bb7079549f97d8166d0ef3082629417c39f12d63@%3Cnotifications.netbeans.apache.org%3EghsaWEB
- www.npmjs.com/advisories/736ghsaWEB
- lists.apache.org/thread.html/r8ba4c628fba7181af58817d452119481adce4ba92e889c643e4c7dd3%40%3Ccommits.netbeans.apache.org%3Envd
- lists.apache.org/thread.html/rb5ac16fad337d1f3bb7079549f97d8166d0ef3082629417c39f12d63%40%3Cnotifications.netbeans.apache.org%3Envd
News mentions
0No linked articles in our index yet.