VYPR

Bitnami package

couchdb

pkg:bitnami/couchdb

Vulnerabilities (5)

  • CVE-2023-45725 | Dec 13, 2023
    affected < 3.3.3 | fixed 3.3.3

    Design document functions which receive a user HTTP request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are: list, show, rewrite, update. An attacker can leak the sessio

  • CVE-2023-26268 | May 2, 2023
    affected < 3.2.3 | fixed 3.2.3

    Design documents with matching document IDs, from databases on the same cluster, may share a mutable JavaScript environment when using these design document functions: validate_doc_update, list, filter, filter views (using view functions as filters), rewr

  • CVE-2022-24706 | KEV | Apr 26, 2022
    affected < 3.2.2 | fixed 3.2.2

    In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a fi

  • CVE-2021-38295 | Oct 14, 2021
    affected < 3.1.2 | fixed 3.1.2

    In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach an HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML

  • CVE-2020-1955 | May 20, 2020
    affected >= 3.0.0, < 3.0.1 | fixed 3.0.1

    CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called `require_valid_user_except_for_up`. It was meant as an extension to the long-standing setting `require_valid_user`, which in turn requires that any and