CouchDB is prone to a security-bypass vulnerability because it compares message digests using a variable-time algorithm. Successfully exploiting this issue allows an attacker to determine whether a forged digest is partially correct; repeated attacks will allow them to determine specific, legitimate digests. Versions prior to CouchDB 0.11 are vulnerable.
The vendor has released updates. Please see the references for details.
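The difference between a variable-time and a constant-time digest comparison, shown as an added Python example that is not CouchDB's own code. It counts byte comparisons instead of measuring wall-clock time, and the key, message and choice of HMAC-SHA256 are constructed assumptions.

```python
import hashlib
import hmac


def leaky_equal(a: bytes, b: bytes):
    """Early-exit comparison. Returns (equal, byte comparisons performed)."""
    if len(a) != len(b):
        return False, 0
    steps = 0
    for x, y in zip(a, b):
        steps += 1
        if x != y:
            return False, steps  # work done grows with the matching prefix
    return True, steps


def constant_time_equal(a: bytes, b: bytes):
    """Examines every byte no matter where the first mismatch occurs."""
    if len(a) != len(b):
        return False, 0
    diff = 0
    steps = 0
    for x, y in zip(a, b):
        steps += 1
        diff |= x ^ y  # accumulate differences, never branch on them
    return diff == 0, steps


def verify_digest(key: bytes, message: bytes, presented_hex: str) -> bool:
    """Hardened check: the standard library's constant-time comparison."""
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), presented_hex.encode())


# Constructed sample values, not taken from any real deployment.
KEY = b"constructed-server-secret"
MESSAGE = b"constructed-session-value"
EXPECTED = hmac.new(KEY, MESSAGE, hashlib.sha256).hexdigest().encode()


def wrong_after(n: int) -> bytes:
    """A digest that agrees with EXPECTED for n bytes, then differs ('z' is not hex)."""
    return EXPECTED[:n] + b"z" * (len(EXPECTED) - n)


if __name__ == "__main__":
    for n in (0, 10, 30):
        _, leaky = leaky_equal(EXPECTED, wrong_after(n))
        _, fixed = constant_time_equal(EXPECTED, wrong_after(n))
        print(f"matching prefix {n:2d}: early-exit steps={leaky:2d} constant-time steps={fixed}")
```

The early-exit step count tracks the length of the correct prefix, which is the signal the advisory describes; the constant-time variants do the same work for every wrong digest.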