Github.Com Couchbase Sync Gateway vulnerabilities
2 known vulnerabilities affecting github.com/couchbase_sync_gateway.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2019-9039P3CRITICAL≥ 0, < 2.5.02022-02-15
CVE-2019-9039 [CRITICAL] CWE-89 SQL Injection in Couchbase Sync Gateway
SQL Injection in Couchbase Sync Gateway
The Couchbase Sync Gateway 2.1.2 in combination with a Couchbase Server is affected by a previously undisclosed N1QL-injection vulnerability in the REST API. An attacker with access to the public REST API can insert additional N1QL statements through the parameters ?startkey? and ?endkey? of the ?_all_docs? endpoint.
ghsaosv
CVE-2025-52490P3HIGH≥ 0, < 3.2.62025-07-29
CVE-2025-52490 [HIGH] CWE-319 Couchbase Sync Gateway shows cleartext passwords in redacted and unredacted output
Couchbase Sync Gateway shows cleartext passwords in redacted and unredacted output
An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollect_info_options.log and sync_gateway.log, there are cleartext passwords in redacted and unredacted output.
ghsa