2. Security Issues / CVEs

• 2.1. CVE-2010-0009: Apache CouchDB Timing Attack Vulnerability
• 2.2. CVE-2010-2234: Apache CouchDB Cross Site Request Forgery Attack
• 2.3. CVE-2010-3854: Apache CouchDB Cross Site Scripting Issue
• 2.4. CVE-2012-5641: Information disclosure via unescaped backslashes in URLs on Windows
• 2.5. CVE-2012-5649: JSONP arbitrary code execution with Adobe Flash
• 2.6. CVE-2012-5650: DOM based Cross-Site Scripting via Futon UI
• 2.7. CVE-2014-2668: DoS (CPU and memory consumption) via the count parameter to /_uuids
• 2.8. CVE-2017-12635: Apache CouchDB Remote Privilege Escalation
• 2.9. CVE-2017-12636: Apache CouchDB Remote Code Execution
• 2.10. CVE-2018-11769: Apache CouchDB Remote Code Execution
• 2.11. CVE-2018-17188: Apache CouchDB Remote Privilege Escalations
• 2.12. CVE-2018-8007: Apache CouchDB Remote Code Execution
• 2.13. CVE-2020-1955: Apache CouchDB Remote Privilege Escalation
• 2.14. CVE-2021-38295: Apache CouchDB Privilege Escalation
• 2.15. CVE-2022-24706: Apache CouchDB Remote Privilege Escalation