Description
An arbitrary code injection vector was found in PouchDB 6.0.4 and earlier, via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands.
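To check whether a project resolves to an affected release, the following added example (not part of the advisory or of PouchDB) walks a parsed `package-lock.json` and flags every installed copy of `pouchdb` at or below 6.0.4, including transitive ones. It assumes the dependency is installed under the npm package name `pouchdb`; the sample lockfile and the `sync-helper` package name are constructed for illustration.

```javascript
// Added example: flag pouchdb <= 6.0.4 in a parsed package-lock.json object.
const LAST_AFFECTED = [6, 0, 4]; // from the advisory text: "6.0.4 and earlier"

// Returns true/false, or null when the version is not plain major.minor.patch
// (git URL, tag, range) and needs manual review.
function isAffected(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$/.exec(String(version).trim());
  if (!m) return null;
  const nums = [Number(m[1]), Number(m[2]), Number(m[3])];
  for (let i = 0; i < 3; i++) {
    if (nums[i] !== LAST_AFFECTED[i]) return nums[i] < LAST_AFFECTED[i];
  }
  return true; // exactly 6.0.4 (or a prerelease/build of it)
}

// Collect every installed copy of pouchdb, including nested (transitive) ones.
function findPouchdb(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2 and 3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === 'node_modules/pouchdb' || path.endsWith('/node_modules/pouchdb')) {
        hits.push({ path, version: meta.version });
      }
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const here = trail.concat(name);
        if (name === 'pouchdb') hits.push({ path: here.join(' > '), version: meta.version });
        walk(meta.dependencies, here);
      }
    };
    walk(lock.dependencies, []);
  }
  return hits.map((h) => ({ ...h, affected: isAffected(h.version) }));
}

// Constructed sample lockfile; "sync-helper" is a made-up package name.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    pouchdb: { version: '6.0.4' },
    'sync-helper': { version: '1.2.0', dependencies: { pouchdb: { version: '6.1.0' } } },
  },
};

for (const hit of findPouchdb(sampleLock)) {
  console.log(`${hit.path}@${hit.version} affected=${hit.affected}`);
}
```

A `null` result means the lockfile pins `pouchdb` to something other than a plain version number, so that entry has to be resolved by hand.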
Remediation
References
https://nodesecurity.io/advisories/143