CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2017-16020

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1370%
EPSS Percentile40.73th
Published2018年6月4日
Last Modified2024年11月21日

Vulnerability Description

Summit is a node web framework. When using the PouchDB driver in the module, Summit 0.1.0 and later allows an attacker to execute arbitrary commands via the collection name.

Affected Platforms (CPE)

📦
Summit Project

Summit

>= 0.1.0 and <= 0.1.21

References & Advisories

🔗 https://github.com/notduncansmith/summit/issues/23
🔗 https://nodesecurity.io/advisories/315
🔗 https://github.com/notduncansmith/summit/issues/23
🔗 https://nodesecurity.io/advisories/315

相關漏洞威脅

CVE-2012-18547.8

Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft V...

CVE-2017-522610.0

When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioc...

CVE-2017-772210.0

In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with ...

CVE-2017-796410.0

Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote att...