Description
An arbitrary code injection vector was found in PouchDB 6.0.4 and lesser via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands.
Remediation
References
https://nodesecurity.io/advisories/143
Related Vulnerabilities
CVE-2018-12536 Vulnerability in maven package org.eclipse.jetty:jetty-util
CVE-2022-1274 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2022-31186 Vulnerability in npm package next-auth
CVE-2021-28918 Vulnerability in npm package netmask
CVE-2019-1010260 Vulnerability in maven package com.github.shyiko:ktlint