Vulnerabilities > Couchbase > Sync Gateway
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-10 | CVE-2022-32563 | Improper Certificate Validation vulnerability in Couchbase Sync Gateway 3.0.0 An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. | 6.8 |
| 2021-12-07 | CVE-2021-43963 | Information Exposure vulnerability in Couchbase Sync Gateway An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. | 5.5 |
| 2020-06-08 | CVE-2020-9041 | Improper Resource Shutdown or Release vulnerability in Couchbase Server and Sync Gateway In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don't more aggressively terminate slow connections. | 5.0 |
| 2019-06-26 | CVE-2019-9039 | SQL Injection vulnerability in Couchbase Sync Gateway 2.1.2 In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway’s public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions through the parameters "startkey" and "endkey" on the "_all_docs" endpoint. | 7.5 |