我的书签
添加书签
移除书签17.5. CVE-2012-5649: JSONP arbitrary code execution with Adobe Flash
| Date: |
|---|
| 14.01.2013 |
| Affected: |
| ——- |
| Releases up to and including 1.0.3, 1.1.1, and 1.2.0 are vulnerable,if administrators have enabled JSONP. |
| Severity: |
| ——- |
| Moderate |
| Vendor: |
| ——- |
| The Apache Software Foundation |
17.5.1. Description
A hand-crafted JSONP callback and response can be used to run arbitrary codeinside client-side browsers via Adobe Flash.
17.5.2. Mitigation
Upgrade to a supported CouchDB release that includes this fix, such as:
17.5.3. Work-Around
Disable JSONP or don’t enable it since it’s disabled by default.
