FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
a7dd4c2d-77e4-46de-81a2-c453c317f9de	couchdb -- user privilege escalation Cory Sabol reports: A malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. Discovery 2021-08-09 Entry 2021-10-12 couchdb lt 3.1.2,2 CVE-2021-39205 https://docs.couchdb.org/en/stable/cve/2021-38295.html

VuXML ID

Description

a7dd4c2d-77e4-46de-81a2-c453c317f9de

couchdb -- user privilege escalation

Cory Sabol reports:

A malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality.

Discovery 2021-08-09
Entry 2021-10-12
couchdb

lt 3.1.2,2

CVE-2021-39205
https://docs.couchdb.org/en/stable/cve/2021-38295.html