Product
Apache CouchDB
20 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2023-45725 (<= 3.3.2)
Design document functions which receive a user http request object may expose authorization or session cookie headers of the user
CVE-2023-26268 (< 3.2.3)
Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when u
CVE-2022-24706 (< 3.2.2)
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gai
CVE-2021-38295 (< 3.1.2)
In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a doc
CVE-2020-1955 (all versions)
CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called `r
CVE-2018-17188 (< 2.3.0)
Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this l
CVE-2018-14889 (all versions)
CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability.
CVE-2018-11769 (< 2.2.0)
CouchDB administrative users before 2.2.0 can configure the database server via HTTP(S). Due to insufficient validation of adminis
CVE-2018-8007 (<= 1.7.1)
Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator
CVE-2016-8742 (all versions)
The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install
CVE-2017-12636 (< 1.7.0)
CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for op
CVE-2017-12635 (< 1.7.0)
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0
CVE-2012-5649 (<= 1.0.3)
Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JS
CVE-2014-2668 (<= 1.5.0)
Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count p
CVE-2012-5650 (<= 1.0.3)
Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.
CVE-2012-5641 (<= 1.0.3)
Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache Couc
CVE-2010-3854 (all versions)
Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 throug
CVE-2010-2953 (all versions)
Untrusted search path vulnerability in a certain Debian GNU/Linux patch for the couchdb script in CouchDB 0.8.0 allows local users
CVE-2010-2234 (all versions)
Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authe
CVE-2010-0009 (all versions)
Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of op