A DOM-based cross-site scripting (XSS) flaw was found in the way the browser-based test suite of Apache CouchDB, a distributed, fault-tolerant and schema-free document-oriented database accessible via a RESTful HTTP/JSON API, processed certain query parameters. A remote attacker could provide a specially-crafted web page that, when accessed, could lead to arbitrary web script or HTML execution in the context of a CouchDB user session.

Upstream advisory:
[1] http://mail-archives.apache.org/mod_mbox/couchdb-user/201301.mbox/%3C2FFF2FD7-8EAF-4EBF-AFDA-5AEB6EAC853F@apache.org%3E
This issue affects the versions of the couchdb package, as shipped with Fedora releases 16 and 17. Please schedule an update.

--

This issue affects the versions of the couchdb package, as shipped with Fedora EPEL 5 and Fedora EPEL 6. Please schedule an update.
Created couchdb tracking bugs for this issue

Affects: fedora-all [bug 895597]
Created couchdb tracking bugs for this issue

Affects: epel-all [bug 895599]