CVE-2010-2234: Apache CouchDB Cross Site Request Forgery Attack
The Apache Software Foundation
Apache CouchDB 0.8.0 to 0.11.0
Apache CouchDB versions prior to version 0.11.1 are vulnerable to
cross site request forgery (CSRF) attacks.
All users should upgrade to CouchDB 0.11.2 or 1.0.1. Upgrades from
the 0.11.x and 0.10.x series should be seamless. Users on earlier
versions should consult
known CouchDB installation URLs (like http://localhost:5984/)
security context of CouchDB's admin interface Futon.
Unrelated, but in addition the JSONP API has been turned off
by default to avoid potential information leakage.
This CSRF issue was discovered by a source that wishes to stay