An arbitrary code injection vector was found in PouchDB 6.0.4 and lesser via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands.
References
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2018-05-31T20:00:00Z

Updated: 2024-09-16T17:07:44.297Z

Reserved: 2017-10-29T00:00:00

Link: CVE-2016-10546

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-05-31T20:29:01.690

Modified: 2024-11-21T02:44:14.320

Link: CVE-2016-10546

cve-icon Redhat

No data.