Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: validate_doc_update list filter filter views (using view functions as filters) rewrite update This doesn't affect map/reduce or sea...
5.3CVSS
5AI Score
0.001EPSS
Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are: list show rewrite update An attacker can leak the session component using an HTML-like output, insert the...
5.7CVSS
5.2AI Score
0.0004EPSS