Apache CouchDB versions 1.7.0 and 2.x prior to 2.1.1 suffer from a remote privilege escalation vulnerability.