GMS-2016-70: Arbitrary Code Injection

October 17, 2016

An arbitrary code injection vector was found via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands.

References

github.com/pouchdb/pouchdb/issues/5612

Code Behaviors & Features

Detect and mitigate GMS-2016-70 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →