CVE-2019-5413 An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1. Source: NIST March 21, 2019 by admin Uncategorized