An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| @evershop/evershop(npm) | 0 | 1.0.0-rc.8 | N/A |
CVSS Metrics
