couchdb

Description: Document-oriented database that can be queried and indexed in a MapReduce fashion using JSON
Version: 3.3.3-2 [extra]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2708 | 3.2.1-1 | 3.2.2-2 | Critical | Not affected | |
| AVG-2458 | 3.1.1-4 | 3.1.2-1 | Medium | Fixed | |
| AVG-759 | 2.1.1-1 | 2.1.2-1 | High | Fixed | |
| AVG-753 | 2.1.2-1 | 2.2.0-1 | High | Fixed | |
| AVG-495 | 2.1.0-1 | 2.1.1-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2022-24706 | AVG-2708 | Critical | Yes | Privilege escalation | An attacker can access an improperly secured default installation without authenticating and gain admin privileges. CouchDB 3.2.2 and onwards will refuse... |
| CVE-2021-38295 | AVG-2458 | Medium | Yes | Privilege escalation | A security issue has been found in Apache CouchDB before version 3.1.2. A malicious user with permission to create documents in a database is able to attach... |
| CVE-2018-11769 | AVG-753 | High | Yes | Arbitrary code execution | CouchDB administrative users before 2.2.0 can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied... |
| CVE-2018-8007 | AVG-759 | High | Yes | Arbitrary code execution | CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings... |
| CVE-2017-12636 | AVG-495 | Medium | Yes | Arbitrary command execution | CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level... |
| CVE-2017-12635 | AVG-495 | High | Yes | Privilege escalation | Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to... |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 16 Nov 2017 | ASA-201711-24 | AVG-495 | High | multiple issues |