Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-26268

Опубликовано: 02 мая 2023
Источник: nvd
CVSS3: 4.4
CVSS3: 5.3
EPSS Низкий

Описание

Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions:

  • validate_doc_update

  • list

  • filter

  • filter views (using view functions as filters)

  • rewrite

  • update

This doesn't affect map/reduce or search (Dreyfus) index functions.

Users are recommended to upgrade to a version that is no longer affected by this issue (Apache CouchDB 3.3.2 or 3.2.3).

Workaround: Avoid using design documents from untrusted sources which may attempt to cache or store data in the Javascript environment.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*
Версия до 3.2.3 (исключая)
cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*
Версия от 3.3.0 (включая) до 3.3.2 (исключая)
Конфигурация 2
cpe:2.3:a:ibm:cloudant:*:*:*:*:*:*:*:*
Версия до 8349 (включая)

EPSS

Процентиль: 14%
0.00045
Низкий

4.4 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-200
NVD-CWE-noinfo

Связанные уязвимости

ubuntu логотип

CVE-2023-26268

CVSS3: 4.4
ubuntu
почти 3 года назад

Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: * validate_doc_update * list * filter * filter views (using view functions as filters) * rewrite * update This doesn't affect map/reduce or search (Dreyfus) index functions. Users are recommended to upgrade to a version that is no longer affected by this issue (Apache CouchDB 3.3.2 or 3.2.3). Workaround: Avoid using design documents from untrusted sources which may attempt to cache or store data in the Javascript environment.

debian логотип

CVE-2023-26268

CVSS3: 4.4
debian
почти 3 года назад

Design documents with matching document IDs, from databases on the sam ...

github логотип

GHSA-97qc-h8j3-mgv9

CVSS3: 4.4
github
почти 3 года назад

Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: * validate_doc_update * list * filter * filter views (using view functions as filters) * rewrite * update This doesn't affect map/reduce or search (Dreyfus) index functions. Users are recommended to upgrade to a version that is no longer affected by this issue (Apache CouchDB 3.3.2 or 3.2.3). Workaround: Avoid using design documents from untrusted sources which may attempt to cache or store data in the Javascript environment.

EPSS

Процентиль: 14%
0.00045
Низкий

4.4 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-200
NVD-CWE-noinfo