couchdb

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description A document-oriented database that can be queried and indexed in a MapReduce fashion using JSON
Version 2.1.2-1 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-495 2.1.0-1 2.1.1-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2017-12636 AVG-495 Medium Yes Arbitrary command execution
CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level...
CVE-2017-12635 AVG-495 High Yes Privilege escalation
Due to differences in the Erlang-based JSON parser and JavaScript- based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to...

Advisories

Date Advisory Group Severity Description
16 Nov 2017 ASA-201711-24 AVG-495 High multiple issues