23 matches found
EUVD-2018-0259
Malware in sbrugna...
EUVD-2020-0999
Malware in sbrugna...
@qbunnyteam/superlogin (>=0.0.3 <=0.0.4), @sensu/superlogin (>=1.2.2 <=1.2.6) +16 more potentially affected by CVE-2020-7673 via node-extend (=0.2.0)
node-extend NPM version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on node-extend and may be impacted: - @qbunnyteam/superlogin =0.0.3, =1.2.2, =0.1.0, =0.1.0, =0.0.0, =0.2.0, =4.1.4, =1.1.0, =1.4.1 and more Source cves: CVE-2020-7673 Source...
GHSA-CWCP-6C48-FM7M Unsafe eval() in summit allows arbitrary code execution
Affected versions of summit allow attackers to execute arbitrary commands via collection names when using the PouchDB driver. Recommendation: No direct patch is available at this time. Currently, the best option to mitigate the issue is to avoid using the PouchDB driver, as the package author has...
Unsafe eval() in summit allows arbitrary code execution
Affected versions of summit allow attackers to execute arbitrary commands via collection names when using the PouchDB driver. Recommendation: No direct patch is available at this time. Currently, the best option to mitigate the issue is to avoid using the PouchDB driver, as the package author has...
GHSA-CGQV-X5CX-XVQH Arbitrary Code Injection in pouchdb
Affected versions of pouchdb do not properly sandbox the code execution engine which executes the map/reduce functions for temporary views and design documents. Under certain circumstances, an attacker could use this to run arbitrary code on the server. Recommendation: Update to version 6.0.5 or...
@ayk/registry (=1.0.0), @doodle3d/superlogin (>=0.6.2 <=0.7.0) +285 more potentially affected by CVE-2016-10546 via pouchdb (>=0.0.13 <=5.4.5)
pouchdb NPM version =0.0.13, =0.6.2, =3.4.1, =17.0.0, =1.0.0, =1.0.0, =0.0.1, =1.0.0, =0.0.5, =0.0.2, =0.0.2, =0.0.1-dev.2, =0.0.4, =0.0.5-rc.1 and more Source cves: CVE-2016-10546 Source advisory: OSV:GHSA-CGQV-X5CX-XVQH...
Arbitrary Code Injection in pouchdb
Affected versions of pouchdb do not properly sandbox the code execution engine which executes the map/reduce functions for temporary views and design documents. Under certain circumstances, an attacker could use this to run arbitrary code on the server. Recommendation: Update to version 6.0.5 or...
Summit Remote Code Execution Vulnerability
Summit is a Node.js-based web framework. A security vulnerability exists in Summit 0.1.0 and later versions. The vulnerability can be exploited by an attacker to execute arbitrary code when the framework uses the PouchDB driver...
CVE-2017-16020
Summit is a node web framework. When using the PouchDB driver in the module, Summit 0.1.0 and later allows an attacker to execute arbitrary commands via the collection name...
CVE-2017-16020
Summit is a node web framework. When using the PouchDB driver in the module, Summit 0.1.0 and later allows an attacker to execute arbitrary commands via the collection name...
Design/Logic Flaw
Summit is a node web framework. When using the PouchDB driver in the module, Summit 0.1.0 and later allows an attacker to execute arbitrary commands via the collection name...
CVE-2017-16020
Summit is a node web framework. When using the PouchDB driver in the module, Summit 0.1.0 and later allows an attacker to execute arbitrary commands via the collection name...
CVE-2017-16020
CVE-2017-16020 affects Summit (Node.js web framework) when using the PouchDB driver. Affected: Summit 0.1.0 and later. Vulnerability: collection names can be manipulated to execute arbitrary commands, enabling remote code execution. Exploitation details across connected sources consistently refer...
PT-2018-6051 · Summit +1 · Summit +1
Name of the Vulnerable Software and Affected Versions: Summit versions 0.1.0 and later. Description: The issue allows an attacker to execute arbitrary commands via the collection name when using the PouchDB driver in the module. There is no information about the estimated number of potentially...
CVE-2016-10546
An arbitrary code injection vector was found in PouchDB 6.0.4 and lesser via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands...
CVE-2016-10546
An arbitrary code injection vector was found in PouchDB 6.0.4 and lesser via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands...
Code injection
An arbitrary code injection vector was found in PouchDB 6.0.4 and lesser via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands...
CVE-2016-10546
An arbitrary code injection vector was found in PouchDB 6.0.4 and lesser via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands...
CVE-2016-10546
CVE-2016-10546 affects PouchDB 6.0.4 and earlier, where the code execution engine used for map/reduce in temporary views and design documents is not properly sandboxed. This allows execution of arbitrary JavaScript and potentially system commands via these branches. Affected component: PouchDB’s ...