2.3. CVE-2010-3854: Apache CouchDB Cross Site Scripting Issue

来源:CouchDB 浏览 364 扫码分享 2022-04-28 22:35:22

2.3. CVE-2010-3854: Apache CouchDB Cross Site Scripting Issue

2.3. CVE-2010-3854: Apache CouchDB Cross Site Scripting Issue

Date

28.01.2011

Affected

Apache CouchDB 0.8.0 to 1.0.1

Severity

Important

Vendor

The Apache Software Foundation

2.3.1. Description

Apache CouchDB versions prior to version 1.0.2 are vulnerable to Cross Site Scripting (XSS) attacks.

2.3.2. Mitigation

All users should upgrade to CouchDB 1.0.2.

Upgrades from the 0.11.x and 0.10.x series should be seamless.

Users on earlier versions should consult with upgrade notes.

2.3.3. Example

Due to inadequate validation of request parameters and cookie data in Futon, CouchDB’s web-based administration UI, a malicious site can execute arbitrary code in the context of a user’s browsing session.

2.3.4. Credit

This XSS issue was discovered by a source that wishes to stay anonymous.

当前内容版权归 CouchDB 或其关联方所有，如需对内容或内容相关联开源项目进行关注与资助，请访问 CouchDB .

本文档使用 BookStack 构建