Home > Vulnerability Database > CVE-2016-10546

Mend.io Vulnerability Database

CVE-2016-10546

Good to know:

Date: May 31, 2018

An arbitrary code injection vector was found in PouchDB 6.0.4 and lesser via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands.

Language: JS

Severity Score

9.8

Related Resources (5)

Url: https://www.npmjs.com/advisories/143

Url: https://nvd.nist.gov/vuln/detail/CVE-2016-10546

Url: https://github.com/advisories/GHSA-cgqv-x5cx-xvqh

Url: https://nodesecurity.io/advisories/143

Url: https://www.mend.io/vulnerability-database/CVE-2016-10546

Severity Score

9.8

Weakness Type (CWE)

Code Injection

CWE-94

Top Fix

Upgrade Version

Upgrade to version pouchdb - 6.0.5

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	10.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2016-10546

Good to know:

Date: May 31, 2018

Language: JS

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?