GHSA-4w62-cq5r-5mmq

GitHub Security Advisory

express-cart unrestricted file upload vulnerability

✓ GitHub Reviewed HIGH Has CVE

Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine.

npm express-cart

Affected versions: 0 (fixed in 1.1.7)

CVE-2018-3758

GHSA ID

GHSA-4w62-cq5r-5mmq

Published

May 13, 2022 1:32 AM

Last Modified

April 1, 2024 10:03 PM

CVSS Score

7.5 /10

Primary Ecosystem

npm

Primary Package

express-cart

GitHub Reviewed

✓ Yes

Last updated: August 30, 2025 6:32 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.