{"schema_version": "1.6.1", "id": "CVE-2021-38295", "summary": "Privilege escalation vulnerability when using HTML attachments", "details": "In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality.\n\nThis privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes.  This issue affected Apache CouchDB prior to 3.1.2", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "Apache CouchDB"}, {"fixed": "3.1.2"}]}]}, {"ranges": [{"type": "SEMVER", "events": [{"introduced": "IBM Cloudant"}, {"fixed": "8201"}]}]}], "references": [{"type": "ADVISORY", "url": "https://docs.couchdb.org/en/stable/cve/2021-38295.html"}]}