Go modules package
github.com/couchbase/sync_gateway
pkg:golang/github.com/couchbase/sync_gateway
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-52490 | Hig | 7.3 | < 3.2.6 | 3.2.6 | Jul 29, 2025 | An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollect_info_options.log and sync_gateway.log, there are cleartext passwords in redacted and unredacted output. | |
| CVE-2019-9039 | Cri | 9.8 | < 2.5.0 | 2.5.0 | Jun 26, 2019 | In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway’s public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions through the parameters "startkey" and "endkey" on the "_all_docs" endpoint. By i |
- affected < 3.2.6fixed 3.2.6
An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollect_info_options.log and sync_gateway.log, there are cleartext passwords in redacted and unredacted output.
- affected < 2.5.0fixed 2.5.0
In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway’s public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions through the parameters "startkey" and "endkey" on the "_all_docs" endpoint. By i