Affected versions of summit allow attackers to execute arbitrary commands via collection names when using the
No direct patch is available at this time.
Currently, the best option to mitigate the issue is to avoid using the
PouchDB driver, as the package author has abandoned this feature entirely.
Advisory published: Apr 14th, 2017
Initial report by Cristian-Alexandru Staicu: Mar 6th, 2017