miniblog.

← Back to all posts

Wilfred Hughes

Apr 23, 2018 at 22:13

Finding a security bug in CouchDB due to different JSON libraries interpreting repeated keys differently! https://justi.cz/security/2017/11/14/couchdb-rce-npm.html

Remote Code Execution in CouchDB

tl;dr There was a vulnerability in CouchDB caused by a discrepancy between the database’s native JSON parser and the Javascript JSON parser used during docum...