2.2. CVE-2010-2234: Apache CouchDB Cross Site Request Forgery Attack¶
Apache CouchDB 0.8.0 to 0.11.1
The Apache Software Foundation
Apache CouchDB versions prior to version 0.11.1 are vulnerable to Cross Site Request Forgery (CSRF) attacks.
All users should upgrade to CouchDB 0.11.2 or 1.0.1.
Upgrades from the 0.11.x and 0.10.x series should be seamless.
Users on earlier versions should consult with upgrade notes.
Unrelated, but in addition the JSONP API has been turned off by default to avoid potential information leakage.
This CSRF issue was discovered by a source that wishes to stay anonymous.