2 matches found
CVE-2016-10546
An arbitrary code injection vector was found in PouchDB 6.0.4 and lesser via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands...
CVE-2016-10546
CVE-2016-10546 affects PouchDB 6.0.4 and earlier, where the code execution engine used for map/reduce in temporary views and design documents is not properly sandboxed. This allows execution of arbitrary JavaScript and potentially system commands via these branches. Affected component: PouchDB’s ...