Affected versions:
- Apache CouchDB through 3.3.1
- IBM Cloudant through 8349
Description:
Design documents with matching document IDs, from databases on the same cluster, may share a mutable JavaScript environment when using these design document functions:
* validate_doc_update
* list
* filter
* filter views (using view functions as filters)
* rewrite
* update
This doesn't affect map/reduce or search (Dreyfus) index functions.
Workarounds:
Avoid using design documents from untrusted sources which may attempt to cache or store data in the JavaScript environment.
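One way to audit a cluster for the condition described above, as an added example (not CouchDB project code): given each database's design documents, it reports design document IDs that occur in more than one database and define at least one of the listed function types. The sample data is constructed; the audit assumes `rewrites` matters only in its function (string) form and flags `views` because a view function can be used as a filter.

```javascript
// Design-document fields holding the function types named in the advisory.
const STRING_FIELDS = ["validate_doc_update", "rewrites"]; // JS source as a string
const OBJECT_FIELDS = ["lists", "filters", "updates", "views"]; // name -> JS source

// Return the affected function types a design document defines.
function affectedFunctions(ddoc) {
  const found = STRING_FIELDS.filter(
    (f) => typeof ddoc[f] === "string" && ddoc[f].trim() !== ""
  ); // an array-form `rewrites` is declarative rules, not a function, so it is skipped
  for (const f of OBJECT_FIELDS) {
    const v = ddoc[f];
    if (v && typeof v === "object" && Object.keys(v).length > 0) found.push(f);
  }
  return found;
}

// designDocsByDb: { dbName: [designDoc, ...] }. Returns the design document IDs
// used with affected functions in more than one database.
function findSharedDesignDocs(designDocsByDb) {
  const byId = new Map();
  for (const [db, ddocs] of Object.entries(designDocsByDb)) {
    for (const ddoc of ddocs) {
      const functions = affectedFunctions(ddoc);
      if (functions.length === 0) continue;
      if (!byId.has(ddoc._id)) byId.set(ddoc._id, []);
      byId.get(ddoc._id).push({ db, functions });
    }
  }
  return [...byId.entries()]
    .filter(([, uses]) => new Set(uses.map((u) => u.db)).size > 1)
    .map(([id, uses]) => ({ id, uses }));
}

// Constructed sample: three databases on one cluster.
const SAMPLE = {
  tenant_a: [
    { _id: "_design/app",
      validate_doc_update: "function(newDoc, oldDoc, userCtx) {}",
      views: { by_type: { map: "function(doc) { emit(doc.type, null); }" } } },
    { _id: "_design/reports", updates: { touch: "function(doc, req) { return [doc, 'ok']; }" } },
  ],
  tenant_b: [
    { _id: "_design/app",
      filters: { mine: "function(doc, req) { return true; }" },
      rewrites: [{ from: "/", to: "index.html" }] },
  ],
  tenant_c: [{ _id: "_design/reports", language: "javascript" }],
};

console.log(JSON.stringify(findSharedDesignDocs(SAMPLE), null, 2));
```

On a live cluster the input can be built from `GET /_all_dbs` and `GET /{db}/_design_docs?include_docs=true`; every reported ID is a place where design documents from different databases should be reviewed for trust before they run side by side.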
Credit:
Nick Vatamaniuc
vata...@apache.org (finder)
References:
https://couchdb.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-26268