Vulnerability Details CVE-2022-25921
All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.1%
CVSS Severity
CVSS v3 Score 8.1
References
- https://github.com/indexzero/morgan-json/blob/3a76010215a4256d41687d082cd66c4f00ea5717/index.js%23L46
- https://security.snyk.io/vuln/SNYK-JS-MORGANJSON-2976193
- https://github.com/indexzero/morgan-json/blob/3a76010215a4256d41687d082cd66c4f00ea5717/index.js%23L46
- https://security.snyk.io/vuln/SNYK-JS-MORGANJSON-2976193
Products affected by CVE-2022-25921
-
cpe:2.3:a:morgan-json_project:morgan-json:-
-
cpe:2.3:a:morgan-json_project:morgan-json:1.0.0
-
cpe:2.3:a:morgan-json_project:morgan-json:1.1.0