Loading HuntDB...

GHSA-97qc-h8j3-mgv9

GitHub Security Advisory

⚠ Unreviewed MODERATE Has CVE

Advisory Details

Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions:
* validate_doc_update

* list

* filter

* filter views (using view functions as filters)

* rewrite

* update

This doesn't affect map/reduce or search (Dreyfus) index functions.

Users are recommended to upgrade to a version that is no longer affected by this issue (Apache CouchDB 3.3.2 or 3.2.3).

Workaround: Avoid using design documents from untrusted sources which may attempt to cache or store data in the Javascript environment.

Related CVEs

Key Information

GHSA ID
GHSA-97qc-h8j3-mgv9
Published
May 2, 2023 9:31 PM
Last Modified
April 4, 2024 3:46 AM
CVSS Score
5.0 /10
Primary Ecosystem
Unknown
Primary Package
Unknown
GitHub Reviewed
✗ No

Dataset

Last updated: July 27, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.