CVE-2012-5650
Published: 18 March 2014
Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the browser-based test suite.
Notes
| Author | Note |
|---|---|
| jdstrand | Workaround is to disable the Futon interface (see full-disclosure information) |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
couchdb Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Ignored
(end of life)
|
|
| oneiric |
Ignored
(end of life)
|
|
| precise |
Ignored
(end of life)
|
|
| quantal |
Ignored
(end of life)
|
|
| raring |
Not vulnerable
(1.2.0-5ubuntu1)
|
|
| saucy |
Not vulnerable
(1.2.0-5ubuntu1)
|
|
| trusty |
Does not exist
(trusty was not-affected [1.2.0-5ubuntu1])
|
|
| upstream |
Released
(1.0.4, 1.2.0-5)
|
|
| utopic |
Not vulnerable
(1.2.0-5ubuntu1)
|
|
| vivid |
Not vulnerable
(1.2.0-5ubuntu1)
|
|
| wily |
Not vulnerable
(1.2.0-5ubuntu1)
|
|
| xenial |
Not vulnerable
(1.2.0-5ubuntu1)
|
|
| yakkety |
Not vulnerable
(1.2.0-5ubuntu1)
|
|
| zesty |
Not vulnerable
(1.2.0-5ubuntu1)
|
|
|
Patches: upstream: https://github.com/apache/couchdb/commit/6cc84db91037d707f37832cdb2873bff31533c1b |
||