NodeJS/express-cart/1.1.14
A fully functioning Node.js shopping cart with Stripe, PayPal and Authorize.net payments.
https://www.npmjs.com/package/express-cart
MIT
2 Security Vulnerabilities
Cross-Site Scripting in express-cart
Published date: 2020-09-02T18:21:26Z
Links:
All versions of harp
are vulnerable to Cross-Site Scripting. In the admin page it is possible to inject arbitrary JavaScript as a new product option, allowing attackers to execute arbitrary code. This is limited to the admin page and does not affect other pages.
Recommendation
No fix is currently available. Consider using an alternative module until a fix is made available.
Affected versions:
["0.0.1-security", "1.0.1", "1.1.1", "1.1.2", "1.1.3", "1.1.4", "1.1.5", "1.1.6", "1.1.7", "1.1.8", "1.1.9", "1.1.10", "1.1.11", "1.1.12", "1.1.13", "1.1.14", "1.1.15", "1.1.16", "1.1.17"]
Secure versions:
[]
Cross-Site Request Forgery in express-cart
Published date: 2021-08-30T17:22:15Z
CVE: CVE-2020-22403
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2020-22403
- https://github.com/advisories/GHSA-h5q8-5697-9p9h
- https://github.com/mrvautin/expressCart/commit/cd3ba1bc609c2f2946bfbc7ee2fccf3483eb71fb
- https://hackerone.com/reports/395944
- https://www.npmjs.com/package/express-cart
- https://security.netapp.com/advisory/ntap-20210909-0004/
- https://github.com/mrvautin/expressCart/issues/120
The express-cart package through 1.1.10 for Node.js allows CSRF.
Affected versions:
["0.0.1-security", "1.0.1", "1.1.1", "1.1.2", "1.1.3", "1.1.4", "1.1.5", "1.1.6", "1.1.7", "1.1.8", "1.1.9", "1.1.10", "1.1.11", "1.1.12", "1.1.13", "1.1.14", "1.1.15", "1.1.16"]
Secure versions:
[]
19 Other Versions
Version | License | Security | Released | |
---|---|---|---|---|
1.1.17 | MIT | 1 | 2020-03-20 - 05:16 | about 4 years |
1.1.16 | MIT | 2 | 2020-01-22 - 09:28 | over 4 years |
1.1.15 | MIT | 2 | 2019-12-18 - 07:12 | over 4 years |
1.1.14 | MIT | 2 | 2019-11-11 - 09:18 | over 4 years |
1.1.13 | MIT | 2 | 2019-10-26 - 06:51 | over 4 years |
1.1.12 | MIT | 2 | 2019-06-13 - 11:15 | almost 5 years |
1.1.11 | MIT | 2 | 2019-02-09 - 10:56 | about 5 years |
1.1.10 | MIT | 2 | 2018-10-05 - 11:59 | over 5 years |
1.1.9 | MIT | 2 | 2018-08-31 - 05:13 | over 5 years |
1.1.8 | MIT | 2 | 2018-08-31 - 03:31 | over 5 years |
1.1.7 | MIT | 4 | 2018-06-01 - 11:32 | almost 6 years |
1.1.6 | MIT | 5 | 2018-05-30 - 09:08 | almost 6 years |
1.1.5 | MIT | 11 | 2018-02-05 - 18:34 | about 6 years |
1.1.4 | MIT | 11 | 2018-02-05 - 18:26 | about 6 years |
1.1.3 | ISC | 11 | 2018-02-05 - 15:53 | about 6 years |
1.1.2 | ISC | 11 | 2018-02-03 - 19:20 | about 6 years |
1.1.1 | MIT | 11 | 2018-01-10 - 20:28 | over 6 years |
1.0.1 | MIT | 11 | 2018-01-09 - 21:09 | over 6 years |
0.0.1-security | ISC | 11 | 2016-07-11 - 17:31 | almost 8 years |