In association with heise online

01 February 2011, 15:09

CouchDB update fixes cross-site scripting vulnerabilities

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

CouchDB Logo The Apache CouchDB Project developers have issued version 1.0.2 of their NoSQL document-oriented database, a maintenance and security update. According to security specialist Secunia, the update addresses several cross-site scripting (XSS) vulnerabilities that could be exploited by an attacker, possibly leading to the execution of arbitrary HTML and script code in a user's browser session. The issue is caused by certain unspecified input not being properly sanitised before being returned to the user. Versions 0.8.0 to 1.0.1 are reportedly affected. All users are encouraged to upgrade to the latest release.

Further information about the update can be found in the mailing list release announcement. Apache CouchDB 1.0.2 is available to download from the project's web site and is licensed under the Apache License.

See also:

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-1181822
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit