AVG-495 log

Package	couchdb
Status	Fixed
Severity	High
Type	multiple issues
Affected	2.1.0-1
Fixed	2.1.1-1
Current	3.5.1-1 [extra-testing] 3.5.0-2 [extra]
Ticket	None
Created	Thu Nov 16 16:09:32 2017

Issue	Severity	Remote	Type	Description
CVE-2017-12636	Medium	Yes	Arbitrary command execution	CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level...
CVE-2017-12635	High	Yes	Privilege escalation	Due to differences in the Erlang-based JSON parser and JavaScript- based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to...

Issue

Severity

Remote

Type

Description

CVE-2017-12636

Medium

Yes

Arbitrary command execution

CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level...

CVE-2017-12635

High

Yes

Privilege escalation

Due to differences in the Erlang-based JSON parser and JavaScript- based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to...

Date	Advisory	Package	Type
16 Nov 2017	ASA-201711-24	couchdb	multiple issues

References
https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67@%3Cdev.couchdb.apache.org%3E https://justi.cz/security/2017/11/14/couchdb-rce-npm.html