Vulnerability Description
Summit is a node web framework. When using the PouchDB driver in the module, Summit 0.1.0 and later allows an attacker to execute arbitrary commands via the collection name.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Summit Project | Summit | >= 0.1.0, <= 0.1.21 |
Related Weaknesses (CWE)
References
- https://github.com/notduncansmith/summit/issues/23Third Party Advisory
- https://nodesecurity.io/advisories/315Third Party Advisory
- https://github.com/notduncansmith/summit/issues/23Third Party Advisory
- https://nodesecurity.io/advisories/315Third Party Advisory
FAQ
What is CVE-2017-16020?
CVE-2017-16020 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Summit is a node web framework. When using the PouchDB driver in the module, Summit 0.1.0 and later allows an attacker to execute arbitrary commands via the collection name.
How severe is CVE-2017-16020?
CVE-2017-16020 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-16020?
Check the references section above for vendor advisories and patch information. Affected products include: Summit Project Summit.