Investigate vulnerability: Command Injection in morgan

Issue created from vulnerability 73059

Description:

An attacker can use the format parameter to inject arbitrary commands in the npm package morgan.

• Severity: critical
• Confidence: unknown
• Location: package-lock.json

Solution:

Upgrade to version 1.9.1 or above.

Identifiers:

• Gemnasium-79ad9fa9-4839-4917-8ca6-28734a125202
• CVE-2019-5413

Links:

• https://nvd.nist.gov/vuln/detail/CVE-2019-5413

Scanner:

• Name: Gemnasium