CVE-2016-10546

CVE-2016-10546

Vendor Hackerone
Product pouchdb node module
Weakness CWE-94 · Code injection
Published May 31, 2018
Last update September 16, 2024

CVSS base score

What the vulnerability does

01Description

An arbitrary code injection vector was found in PouchDB 6.0.4 and lesser via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands.

Key dates

02Disclosure timeline

May 31, 2018 CVE published
September 16, 2024 Record updated