Lucene search
PRIOn knowledge basePRION:CVE-2023-26268HistoryMay 02, 2023 - 9:15 p.m.
Code injection
2023-05-0221:15:00
PRIOn knowledge base
www.prio-n.com
2
data injection
javascript environment
design documents
apache couchdb
vulnerability
workaround
nvd
Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions:
-
validate_doc_update
-
list
-
filter
-
filter views (using view functions as filters)
-
rewrite
-
update
This doesn’t affect map/reduce or search (Dreyfus) index functions.
Users are recommended to upgrade to a version that is no longer affected by this issue (Apache CouchDB 3.3.2 or 3.2.3).
Workaround: Avoid using design documents from untrusted sources which may attempt to cache or store data in the Javascript environment.
Related
nessus
nessus
openvas
openvas
cvelist
cvelist
osv
osv
CVE-2023-26268
2023-05-02 21:15:09
BIT-couchdb-2023-26268
2024-03-06 10:51:14
freebsd
freebsd
couchdb -- information sharing via couchjs processes
2023-05-02 00:00:00
ubuntucve
ubuntucve
CVE-2023-26268
2023-05-02 00:00:00
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality due to [CVE-2023-26268]
2023-08-24 15:11:36
nvd
nvd
CVE-2023-26268
2023-05-02 21:15:09
cve
cve
CVE-2023-26268
2023-05-02 21:15:09
cnvd
cnvd
Apache CouchDB Information Disclosure Vulnerability
2023-05-08 00:00:00