EUVD-2022-29634

Malicious code in bioql PyPI...

Metabase 0.41.x < 0.41.7 / 0.42.x < 0.42.4 / 1.41.x < 1.41.7 / 1.42.x < 1.42.4

The version of Metabase installed on the remote host is prior to Unknown. It is, therefore, affected by a Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called ATTACH DATABASE, which allows connecting multiple SQLite databases via the...

Deno has --allow-read / --allow-write permission bypass in `node:sqlite`

Summary It is possible to bypass Deno's read/write permission checks by using ATTACH DATABASE statement. PoC js // poc.js import DatabaseSync from "node:sqlite" const db = new DatabaseSync":memory:"; db.exec"ATTACH DATABASE 'test.db' as test;"; db.exec"CREATE TABLE test.test id INTEGER PRIMARY KE...

CVE-2022-24854 Database bypassing any permissions in Metabase via SQlite attach

Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called ATTACH DATABASE, which allows connecting multiple SQLite databases via the initial connection. If the attacker has SQL permissions to at least one SQLite database, then it can attach...

Metabase 安全漏洞

Metabase is an open source data analytics platform from Metabase, Inc. in the United States. Metabase suffers from a security vulnerability that stems from the fact that SQLite has an FDW-like feature called ATTACH DATABASE that allows multiple SQLite databases to be connected via an initial join...