Home Original page

couchdb - Arch Linux

Resolved

Group Affected Fixed Severity Status Ticket
AVG-759 2.1.1-1 2.1.2-1 High Fixed
AVG-753 2.1.2-1 2.2.0-1 High Fixed
AVG-495 2.1.0-1 2.1.1-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2018-11769 AVG-753 High Yes Arbitrary code execution 
CouchDB administrative users before 2.2.0 can configure the database server via HTTP(S). Due to insufficient validation of administrator- supplied...
CVE-2018-8007 AVG-759 High Yes Arbitrary code execution 
CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings...
CVE-2017-12636 AVG-495 Medium Yes Arbitrary command execution 
CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level...
CVE-2017-12635 AVG-495 High Yes Privilege escalation 
Due to differences in the Erlang-based JSON parser and JavaScript- based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to...

Advisories

Date Advisory Group Severity Description
16 Nov 2017 ASA-201711-24 AVG-495 High multiple issues