summit@0.1.19 vulnerabilities

A web framework for achievers

  • latest version

    0.1.22

  • latest non vulnerable version

  • first published

    10 years ago

  • latest version published

    9 years ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the summit package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Unsafe use of eval()

    summit is a node web framework.

    Affected versions of this package are vulnerable to Arbitrary Command Execution via the eval() function in the PouchDB driver. Node.js provides the eval() function by default, and is used to translate strings into Javascript code. An attacker can craft a malicious payload instead of a valid collection name to inject arbitrary commands.

    How to fix Unsafe use of eval()?

    There is no fix version for summit.

    >=0.1.0