Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document.
These design document functions are:
An attacker can leak the session component using an HTML-like output, insert the session as an external resource (such as an image), or store the credential in a _local document with an “update” function.
For the attack to succeed the attacker has to be able to insert the design documents into the database, then manipulate a user to access a function from that design document.
Workaround: Avoid using design documents from untrusted sources which may attempt to access or manipulate request object’s headers
[
{
"defaultStatus": "affected",
"product": "Apache CouchDB",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "3.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IBM Cloudant",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "8413",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]