Apache CouchDB CVE-2018-11769 Remote Code Execution Vulnerability

Bugtraq ID:	105046
Class:	Input Validation Error
CVE:	CVE-2018-11769
Remote:	Yes
Local:	No
Published:	Aug 08 2018 12:00AM
Updated:	Aug 08 2018 12:00AM
Credit:	The vendor reported this issue.
Vulnerable:	Apache CouchDB 2.1.1 Apache CouchDB 2.1 Apache CouchDB 2.0 Apache CouchDB 1.7 Apache CouchDB 1.6 Apache CouchDB 1.2.1 Apache CouchDB 1.2 Apache CouchDB 1.1.2 Apache CouchDB 1.1.1 Apache CouchDB 1.0.4 Apache CouchDB 1.0.3 Apache CouchDB 1.0.2 Apache CouchDB 1.0.1 Apache CouchDB 1.0 Apache CouchDB 2.1.2 Apache CouchDB 2.0 Apache CouchDB 1.7.2 Apache CouchDB 1.1.0
Not Vulnerable:	Apache CouchDB 2.2

Apache CouchDB CVE-2018-11769 Remote Code Execution Vulnerability

Apache CouchDB is prone to a remote code-execution vulnerability.

Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the application.

Apache CouchDB versions 1.x through 2.1.2 are vulnerable.

Apache CouchDB CVE-2018-11769 Remote Code Execution Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Apache CouchDB CVE-2018-11769 Remote Code Execution Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Apache CouchDB CVE-2018-11769 Remote Code Execution Vulnerability

References:

• CVE-2018-11769: Apache CouchDB Remote Code Execution (affects versions 1.x and (Seclists.org)
  
• Apache Homepage (Apache)
  
• Subject: CVE-2018-11769: Apache CouchDB Remote Code Execution (affects versions (Apache)