2 matches found
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection. When relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. Remediation Upgrade sqlite3 ...
AZL-11586 CVE-2022-46908 affecting package sqlite for versions less than 3.39.2-2
SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE...