Mandriva Linux Security Advisory 2013-067 - A security flaw was found in the way Apache CouchDB, a distributed, fault-tolerant and schema-free document-oriented database accessible via a RESTful HTTP/JSON API, processed certain JSON callbacks. A remote attacker could provide a specially-crafted JSON callback that, when processed, could lead to arbitrary JSON code execution via Adobe Flash. A DOM-based cross-site scripting flaw was found in the way the browser-based test suite of Apache CouchDB processed certain query parameters. A remote attacker could provide a specially-crafted web page that, when accessed, could lead to arbitrary web script or HTML execution in the context of a CouchDB user session.
27e3ca3316198e92252740ae172715149864d7743816d5b31b45c4c661c48195
Apache CouchDB versions up to and including 1.0.3, 1.1.1, and 1.2.0 are vulnerable to a DOM-based cross-site scripting issue.
c4a4d0ab65eac5dc5149ee6760f776cab2bbc0d6b3d641a0e367abd408c3dd9f