Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Privilege escalation vulnerability when using HTML attachments
Vulnerability Description
In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache CouchDB 跨站脚本漏洞
Vulnerability Description
Apache CouchDB是美国阿帕奇(Apache)基金会的使用Erlang开发的一套面向文档的数据库系统。 Apache CouchDB 存在跨站脚本漏洞,该漏洞源于应用程序没有适当地施加安全限制,允许具有在数据库中创建文档权限的远程身份验证用户将HTML附件附加到文档。如果CouchDB管理员打开此类附件,则HTML代码将在管理员的浏览器中执行。以下产品及版本受到影响:Apache CouchDB 3.0.0, 3.0.1, 3.1.0, 3.1.1。
CVSS Information
N/A
Vulnerability Type
N/A