Apache CouchDB that is designed to run well within the browser.
Vulnerable versions of the package had the
evalView function in
pouchdb-core to execute the view
function without a sandbox. The fix was introduced in version
6.0.5, executing the view function in a sandbox and enforcing strict mode when running in Node.js.
The vulnerability was reported by micaksica.
pouchDB to version 6.0.5 or later.