CVE-2016-10546
Arbitrary Code Injection in pouchdb
EPSS 0.93%
Description
Affected versions of `pouchdb` do not properly sandbox the code execution engine that executes the map/reduce functions for temporary views and design documents. Under certain circumstances, an attacker could use this to run arbitrary code on the server.
Recommendation
Update to version 6.0.5 or later.
How to fix CVE-2016-10546
To remediate CVE-2016-10546, upgrade the affected package to a fixed version below.
- npm/pouchdb—upgrade to 6.0.5 or later
Is CVE-2016-10546 being exploited?
Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- npm/pouchdb: from 0, < 6.0.5