CVE-2017-16020

Summary

Summit is a node web framework. When using the PouchDB driver in the module, Summit 0.1.0 and later allows an attacker to execute arbitrary commands via the collection name.

Affected Software

VendorProductVersion RangeStatus
HackerOnesummit node module>=0.1.0affected

Weaknesses

  • CWE-94: Code Injection (CWE-94)

ADP Enrichment

CVE Program Container

Additional References

References