2 matches found
PYSEC-2024-25
DuckDB =0.9.2 and DuckDB extension-template =0.9.2 are vulnerable to malicious extension injection via the custom extension feature...
PT-2024-19529 · Duckdb +1 · Duckdb +1
Name of the Vulnerable Software and Affected Versions: DuckDB versions prior to 0.9.3 DuckDB extension-template versions prior to 0.9.3 Description: The issue allows for malicious extension injection through the custom extension feature. Recommendations: For DuckDB versions prior to 0.9.3, update...