Arbitrary Command Execution Vulnerability in Summit Node Web Framework

Arbitrary Command Execution Vulnerability in Summit Node Web Framework

CVE-2017-16020 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summit is a node web framework. When using the PouchDB driver in the module, Summit 0.1.0 and later allows an attacker to execute arbitrary commands via the collection name.

Learn more about our Web App Pen Testing.