Apache CouchDB

10 CVEs affecting Apache CouchDB. Latest disclosed: 2017-11-14. Critical: 1, High: 1.

Top CVEs affecting Apache CouchDB
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-12635 | Critical | 9.8 | 2017-11-14 | Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to subm… |
| CVE-2017-12636 | High | 7.2 | 2017-11-14 | CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries… |
| CVE-2012-5649 | | | 2014-05-23 | Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adob… |
| CVE-2014-2668 | | | 2014-03-28 | Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids. |
| CVE-2012-5650 | | | 2014-03-18 | Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to… |
| CVE-2012-5641 | | | 2014-03-18 | Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x befor… |
| CVE-2010-3854 | | | 2011-02-02 | Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attacker… |
| CVE-2010-2953 | | | 2010-09-14 | Untrusted search path vulnerability in a certain Debian GNU/Linux patch for the couchdb script in CouchDB 0.8.0 allows local users to gain privileges via a cra… |
| CVE-2010-2234 | | | 2010-08-19 | Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators f… |
| CVE-2010-0009 | | | 2010-04-05 | Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hash… |