| |
Vulnerability CVE-2016-10546
Published: 2018-05-31
| Description: |
An arbitrary code injection vector was found in PouchDB 6.0.4 and lesser via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands. |
Type:
CWE-94 (Improper Control of Generation of Code ('Code Injection'))
CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
10/10 |
10/10 |
10/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Complete |
Complete |
Complete |
References: |
https://nodesecurity.io/advisories/143
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
