An arbitrary code injection vector was found in PouchDB 6.0.4 and earlier via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands.
References
Link | Providers |
---|---|
https://nodesecurity.io/advisories/143 |
MITRE
Status: PUBLISHED
Assigner: hackerone
Published: 2018-05-31T20:00:00Z
Updated: 2024-09-16T17:07:44.297Z
Reserved: 2017-10-29T00:00:00
Link: CVE-2016-10546
NVD
Status: Modified
Published: 2018-05-31T20:29:01.690
Modified: 2024-11-21T02:44:14.320
Link: CVE-2016-10546