Affected versions of summit
allow attackers to execute arbitrary commands via collection names when using the PouchDB
driver.
No direct patch is available at this time.
Currently, the best option to mitigate the issue is to avoid using the PouchDB
driver, as the package author has abandoned this feature entirely.