High severityNVD Advisory· Published Aug 12, 2021· Updated Aug 4, 2024
CVE-2020-22403
CVE-2020-22403
Description
Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.16 allows attackers to add an administrator account, add discount code or other unspecified impacts.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
express-cartnpm | < 1.1.17 | 1.1.17 |
Affected products
2- Express cart/Express cartdescription
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-h5q8-5697-9p9hghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-22403ghsaADVISORY
- github.com/mrvautin/expressCart/commit/cd3ba1bc609c2f2946bfbc7ee2fccf3483eb71fbghsaWEB
- github.com/mrvautin/expressCart/issues/120ghsaWEB
- hackerone.com/reports/395944ghsaWEB
- security.netapp.com/advisory/ntap-20210909-0004ghsaWEB
- www.npmjs.com/package/express-cartghsaWEB
News mentions
0No linked articles in our index yet.