CVE-2017-16020

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1370%

EPSS Percentile40.73th

PublishedJun 4, 2018

Last ModifiedNov 21, 2024

Vulnerability Description

Summit is a node web framework. When using the PouchDB driver in the module, Summit 0.1.0 and later allows an attacker to execute arbitrary commands via the collection name.

Affected Platforms (CPE)

📦

Summit Project

Summit

>= 0.1.0 and <= 0.1.21

References & Advisories

🔗 https://github.com/notduncansmith/summit/issues/23

🔗 https://nodesecurity.io/advisories/315

🔗 https://github.com/notduncansmith/summit/issues/23

🔗 https://nodesecurity.io/advisories/315

Related Vulnerabilities

CVE-2012-18547.8

Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft V...

CVE-2017-632610.0

The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual ...

CVE-2017-1091210.0

Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217.

CVE-2017-1092010.0

The grant-table feature in Xen through 4.8.x mishandles a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a G...