Vulnerability Details CVE-2016-10546
An arbitrary code injection vector was found in PouchDB 6.0.4 and lesser via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
Products affected by CVE-2016-10546
-
cpe:2.3:a:pouchdb:pouchdb:0.0.0
-
cpe:2.3:a:pouchdb:pouchdb:0.0.10
-
cpe:2.3:a:pouchdb:pouchdb:0.0.11
-
cpe:2.3:a:pouchdb:pouchdb:0.0.12
-
cpe:2.3:a:pouchdb:pouchdb:0.0.13
-
cpe:2.3:a:pouchdb:pouchdb:0.0.14
-
cpe:2.3:a:pouchdb:pouchdb:0.0.15
-
cpe:2.3:a:pouchdb:pouchdb:0.0.16
-
cpe:2.3:a:pouchdb:pouchdb:0.0.18
-
cpe:2.3:a:pouchdb:pouchdb:0.0.2
-
cpe:2.3:a:pouchdb:pouchdb:0.0.3
-
cpe:2.3:a:pouchdb:pouchdb:0.0.4
-
cpe:2.3:a:pouchdb:pouchdb:0.0.5
-
cpe:2.3:a:pouchdb:pouchdb:0.0.6
-
cpe:2.3:a:pouchdb:pouchdb:0.0.7
-
cpe:2.3:a:pouchdb:pouchdb:0.0.8
-
cpe:2.3:a:pouchdb:pouchdb:0.0.9
-
cpe:2.3:a:pouchdb:pouchdb:1.0.0
-
cpe:2.3:a:pouchdb:pouchdb:1.1.0
-
cpe:2.3:a:pouchdb:pouchdb:2.0.0
-
cpe:2.3:a:pouchdb:pouchdb:2.0.1
-
cpe:2.3:a:pouchdb:pouchdb:2.0.2
-
cpe:2.3:a:pouchdb:pouchdb:2.1.0
-
cpe:2.3:a:pouchdb:pouchdb:2.1.1
-
cpe:2.3:a:pouchdb:pouchdb:2.1.2
-
cpe:2.3:a:pouchdb:pouchdb:2.2.0
-
cpe:2.3:a:pouchdb:pouchdb:2.2.1
-
cpe:2.3:a:pouchdb:pouchdb:2.2.2
-
cpe:2.3:a:pouchdb:pouchdb:2.2.3
-
cpe:2.3:a:pouchdb:pouchdb:3.0.0
-
cpe:2.3:a:pouchdb:pouchdb:3.0.1
-
cpe:2.3:a:pouchdb:pouchdb:3.0.2
-
cpe:2.3:a:pouchdb:pouchdb:3.0.3
-
cpe:2.3:a:pouchdb:pouchdb:3.0.4
-
cpe:2.3:a:pouchdb:pouchdb:3.0.5
-
cpe:2.3:a:pouchdb:pouchdb:3.0.6
-
cpe:2.3:a:pouchdb:pouchdb:3.1.0
-
cpe:2.3:a:pouchdb:pouchdb:3.2.0
-
cpe:2.3:a:pouchdb:pouchdb:3.2.1
-
cpe:2.3:a:pouchdb:pouchdb:3.3.0
-
cpe:2.3:a:pouchdb:pouchdb:3.3.1
-
cpe:2.3:a:pouchdb:pouchdb:3.4.0
-
cpe:2.3:a:pouchdb:pouchdb:3.5.0
-
cpe:2.3:a:pouchdb:pouchdb:3.6.0
-
cpe:2.3:a:pouchdb:pouchdb:4.0.0
-
cpe:2.3:a:pouchdb:pouchdb:4.0.1
-
cpe:2.3:a:pouchdb:pouchdb:4.0.2
-
cpe:2.3:a:pouchdb:pouchdb:4.0.3
-
cpe:2.3:a:pouchdb:pouchdb:5.0.0
-
cpe:2.3:a:pouchdb:pouchdb:5.1.0
-
cpe:2.3:a:pouchdb:pouchdb:5.2.0
-
cpe:2.3:a:pouchdb:pouchdb:5.2.1
-
cpe:2.3:a:pouchdb:pouchdb:5.3.0
-
cpe:2.3:a:pouchdb:pouchdb:5.3.1
-
cpe:2.3:a:pouchdb:pouchdb:5.3.2
-
cpe:2.3:a:pouchdb:pouchdb:5.4.0
-
cpe:2.3:a:pouchdb:pouchdb:5.4.1
-
cpe:2.3:a:pouchdb:pouchdb:5.4.2
-
cpe:2.3:a:pouchdb:pouchdb:5.4.3
-
cpe:2.3:a:pouchdb:pouchdb:5.4.4
-
cpe:2.3:a:pouchdb:pouchdb:5.4.5
-
cpe:2.3:a:pouchdb:pouchdb:6.0.0
-
cpe:2.3:a:pouchdb:pouchdb:6.0.1
-
cpe:2.3:a:pouchdb:pouchdb:6.0.2
-
cpe:2.3:a:pouchdb:pouchdb:6.0.3
-
cpe:2.3:a:pouchdb:pouchdb:6.0.4