summit@0.1.22 vulnerabilities

A web framework for achievers

Direct Vulnerabilities

Known vulnerabilities in the summit package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Unsafe use of eval()

summit is a node web framework.

Affected versions of this package are vulnerable to Arbitrary Command Execution via the eval() function in the PouchDB driver. Node.js provides the eval() function by default, and is used to translate strings into Javascript code. An attacker can craft a malicious payload instead of a valid collection name to inject arbitrary commands.

How to fix Unsafe use of eval()?

There is no fix version for summit.

>=0.1.0
  • M
Unsafe use of eval()

summit is a node web framework.

Affected versions of this package are vulnerable to Arbitrary Command Execution via the eval() function in the PouchDB driver. Node.js provides the eval() function by default, and is used to translate strings into Javascript code. An attacker can craft a malicious payload instead of a valid collection name to inject arbitrary commands.

How to fix Unsafe use of eval()?

There is no fix version for summit.

>=0.1.0