CVE-2016-10546
Arbitrary Code Injection in pouchdb
EPSS 0.93%
Description
Affected versions of `pouchdb` do not properly sandbox the code execution engine which executes the map/reduce functions for temporary views and design documents. Under certain circumstances, an attacker could use this to run arbitrary code on the server.
## Recommendation
Update to version 6.0.5 or later.
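How to fix CVE-2016-10546
To fix CVE-2016-10546, upgrade the affected package to the patched version listed below.
- npm/pouchdb: upgrade to 6.0.5 or later
Is CVE-2016-10546 being exploited?
Low: EPSS is 0.9%, and no large-scale exploitation activity has been observed so far.
Affected packages (1)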
- from 0, < 6.0.5