CVE-2016-10546

Опубликовано: 31 мая 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

An arbitrary code injection vector was found in PouchDB 6.0.4 and lesser via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands.

Ссылки

https://nodesecurity.io/advisories/143
Third Party Advisory
https://nodesecurity.io/advisories/143
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pouchdb:pouchdb:*:*:*:*:*:node.js:*:*

Версия до 6.0.4 (включая)

EPSS

Процентиль: 76%

0.00931

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-cgqv-x5cx-xvqh

github

больше 7 лет назад

Arbitrary Code Injection in pouchdb

BDU:2018-00915