Apache CouchDB Security Vulnerabilities


CVE-2023-45725

Design document functions which receive a user HTTP request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are:

* list
* show
* rewrite
* update

An attacker can leak the session component using an...

CVSS: 5.7 | AI Score: 7.1 | EPSS: 0.0004

2023-12-13 08:15 AM
18

CVE-2023-26268

Design documents with matching document IDs, from databases on the same cluster, may share a mutable JavaScript environment when using these design document functions:

* validate_doc_update
* list
* filter
* filter views (using view functions as filters)
* rewrite
* update

This doesn't affect...

CVSS: 5.3 | AI Score: 5.2 | EPSS: 0.001

2023-05-02 09:15 PM
25

CVE-2022-24706

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of....

CVSS: 9.8 | AI Score: 9.3 | EPSS: 0.975

2022-04-26 10:15 AM
665
In Wild
7