Apache CouchDB versions prior to 0.11.2 and 1.0.1 are vulnerable to cross-site request forgery (CSRF) attacks. A malicious web site can POST arbitrary JavaScript code to well-known CouchDB installation URLs and make the browser execute the injected JavaScript in the security context of CouchDB's admin interface, Futon. This issue has been assigned the name CVE-2010-2234.
References: http://seclists.org/fulldisclosure/2010/Aug/199
Created couchdb tracking bugs for this issue
Affects: fedora-all [bug 624765]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.