2.5. CVE-2012-5649: JSONP arbitrary code execution with Adobe Flash

来源:CouchDB 浏览 216 扫码分享 2022-04-28 22:35:24

Date

14.01.2013

Affected

Releases up to and including 1.0.3, 1.1.1, and 1.2.0 are vulnerable, if administrators have enabled JSONP.

Severity

Moderate

Vendor

The Apache Software Foundation

2.5.1. Description

A hand-crafted JSONP callback and response can be used to run arbitrary code inside client-side browsers via Adobe Flash.

Upgrade to a supported CouchDB release that includes this fix, such as:

All listed releases have included a specific fix.

Disable JSONP or don’t enable it since it’s disabled by default.

当前内容版权归 CouchDB 或其关联方所有，如需对内容或内容相关联开源项目进行关注与资助，请访问 CouchDB .

本文档使用 BookStack 构建