Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for summit node module by HackerOne

    CVE-2017-16020 (GCVE-0-2017-16020)

    Vulnerability from nvd – Published: 2018-06-04 19:00 – Updated: 2024-09-16 20:06
    VLAI
    Summary
    Summit is a node web framework. When using the PouchDB driver in the module, Summit 0.1.0 and later allows an attacker to execute arbitrary commands via the collection name.
    Severity
    No CVSS data available.
    CWE
    • CWE-94 - Code Injection (CWE-94)
    Assigner
    References
    Impacted products
    Date Public
    2018-04-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T20:13:06.694Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/notduncansmith/summit/issues/23"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://nodesecurity.io/advisories/315"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "summit node module",
              "vendor": "HackerOne",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e=0.1.0"
                }
              ]
            }
          ],
          "datePublic": "2018-04-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Summit is a node web framework. When using the PouchDB driver in the module, Summit 0.1.0 and later allows an attacker to execute arbitrary commands via the collection name."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection (CWE-94)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-04T18:57:01.000Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/notduncansmith/summit/issues/23"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://nodesecurity.io/advisories/315"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "DATE_PUBLIC": "2018-04-26T00:00:00",
              "ID": "CVE-2017-16020",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "summit node module",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003e=0.1.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HackerOne"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Summit is a node web framework. When using the PouchDB driver in the module, Summit 0.1.0 and later allows an attacker to execute arbitrary commands via the collection name."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Code Injection (CWE-94)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/notduncansmith/summit/issues/23",
                  "refsource": "MISC",
                  "url": "https://github.com/notduncansmith/summit/issues/23"
                },
                {
                  "name": "https://nodesecurity.io/advisories/315",
                  "refsource": "MISC",
                  "url": "https://nodesecurity.io/advisories/315"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2017-16020",
        "datePublished": "2018-06-04T19:00:00.000Z",
        "dateReserved": "2017-10-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:06:20.093Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-16020 (GCVE-0-2017-16020)

    Vulnerability from cvelistv5 – Published: 2018-06-04 19:00 – Updated: 2024-09-16 20:06
    VLAI
    Summary
    Summit is a node web framework. When using the PouchDB driver in the module, Summit 0.1.0 and later allows an attacker to execute arbitrary commands via the collection name.
    Severity
    No CVSS data available.
    CWE
    • CWE-94 - Code Injection (CWE-94)
    Assigner
    References
    Impacted products
    Date Public
    2018-04-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T20:13:06.694Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/notduncansmith/summit/issues/23"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://nodesecurity.io/advisories/315"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "summit node module",
              "vendor": "HackerOne",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e=0.1.0"
                }
              ]
            }
          ],
          "datePublic": "2018-04-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Summit is a node web framework. When using the PouchDB driver in the module, Summit 0.1.0 and later allows an attacker to execute arbitrary commands via the collection name."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection (CWE-94)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-04T18:57:01.000Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/notduncansmith/summit/issues/23"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://nodesecurity.io/advisories/315"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "DATE_PUBLIC": "2018-04-26T00:00:00",
              "ID": "CVE-2017-16020",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "summit node module",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003e=0.1.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HackerOne"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Summit is a node web framework. When using the PouchDB driver in the module, Summit 0.1.0 and later allows an attacker to execute arbitrary commands via the collection name."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Code Injection (CWE-94)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/notduncansmith/summit/issues/23",
                  "refsource": "MISC",
                  "url": "https://github.com/notduncansmith/summit/issues/23"
                },
                {
                  "name": "https://nodesecurity.io/advisories/315",
                  "refsource": "MISC",
                  "url": "https://nodesecurity.io/advisories/315"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2017-16020",
        "datePublished": "2018-06-04T19:00:00.000Z",
        "dateReserved": "2017-10-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:06:20.093Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }