CVE-2020-9041: Improper Resource Shutdown or Release

June 8, 2020 (updated June 11, 2020)

In Couchbase Server and Couchbase Sync Gateway, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don’t more aggressively terminate slow connections.

References

nvd.nist.gov/vuln/detail/CVE-2020-9041
www.couchbase.com/resources/security

Code Behaviors & Features

Detect and mitigate CVE-2020-9041 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →