VulnerableCode Vulnerability Details - VCID-eb7w-y953-67dy

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-eb7w-y953-67dy

Essentials
Severities (2)
References (3)
Severity details (2)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-eb7w-y953-67dy
Aliases	GHSA-9pr3-7449-977r GMS-2020-716
Summary	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in express-cart.
Status	Published
Exploitability	0.5
Weighted Severity	2.7
Risk	1.4
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-78	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

System	Score	Found at
generic_textual	LOW	https://hackerone.com/reports/395944
generic_textual	LOW	https://www.npmjs.com/advisories/808

Reference id	Reference type	URL
		https://hackerone.com/reports/395944
		https://www.npmjs.com/advisories/808
GHSA-9pr3-7449-977r		https://github.com/advisories/GHSA-9pr3-7449-977r

No exploits are available.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-04T16:20:16.455806+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/express-cart/GMS-2020-716.yml	38.6.0