Joan Touzet

**Name of the Vulnerable Software and Affected Versions** Apache CouchDB versions prior to 1.7.0 Apache CouchDB versions 2.x prior to 2.1.1 **Description** The issue allows an admin user to execute arbitrary shell commands as the CouchDB user. This can be achieved by configuring the database server via HTTP(S) and specifying paths for operating system-level binaries that are subsequently launched by CouchDB. The admin user can also download and execute scripts from the public internet. **Recommendations** For Apache CouchDB versions prior to 1.7.0, update to version 1.7.0 or later to resolve the issue. For Apache CouchDB versions 2.x prior to 2.1.1, update to version 2.1.1 or later to resolve the issue.