CVE-2017-12636 — CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchD — CVE Database · The Intelligence Room