CVE-2012-5649

CWE-94Code Injection6 documents4 sources
Severity
6.8MEDIUM
EPSS
1.8%
top 17.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Couchdb
Timeline
PublishedMay 23
Latest updateMay 17

Description

Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDapache/couchdb1.0.3+6

🔴Vulnerability Details

2
GHSA
GHSA-w437-cqhg-f7j8: Apache CouchDB before 12022-05-17
CVEList
CVE-2012-5649: Apache CouchDB before 12014-05-23

💬Community

3
Bugzilla
CVE-2012-5649 CVE-2012-5650 couchdb various flaws [fedora-all]2013-01-15
Bugzilla
CVE-2012-5649 couchdb: JSONP arbitrary code execution with Adobe Flash2013-01-15
Bugzilla
CVE-2012-5649 CVE-2012-5650 couchdb various flaws [epel-all]2013-01-15
CVE-2012-5649 (MEDIUM CVSS 6.8) | Apache CouchDB before 1.0.4 | cvebase.io