650 matches found
Vulnerability Spotlight: Node-SQLite3 issue could lead to denial of service in Ghost CMS
Dave McDaniel of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered a vulnerability in node-sqlite3 that affects the Ghost content management system and could affect other software utilizing this library. Ghost is a content management system with tools to build a website,...
Debian DSA-5373-1 : node-sqlite3 - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dsa-5373 advisory. Dave McDaniel discovered that the SQLite3 bindings for Node.js were susceptible to the execution of arbitrary JavaScript code if a binding parameter is a crafted object. F...
Ghost Foundation node-sqlite3 code execution vulnerability
Talos Vulnerability Report TALOS-2022-1645 Ghost Foundation node-sqlite3 code execution vulnerability March 16, 2023 CVE Number CVE-2022-43441 SUMMARY A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted Javascri...
Arbitrary Code Execution
sqlite3 is vulnerable to Arbitrary Code Execution. The vulnerability exists due to the .ToString implementation because it calls the napi_coerce_to_string function which can execute JavaScript when passed a crafted Napi::Value object, allowing an attacker to execute arbitrary JavaScript in the brows...
node-sqlite3 security vulnerability
node-sqlite3 is an asynchronous, non-blocking SQLite3 interface library based on Node.js. A security vulnerability exists in node-sqlite3 that stems from the fact that Node.js' SQLite3 bindings are vulnerable to the execution of arbitrary JavaScript code if the binding parameters are well-designe...
[SECURITY] [DSA 5373-1] node-sqlite3 security update
Debian Security Advisory DSA-5373-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 14, 2023 https://www.debian.org/security/faq ...
DSA-5373-1 node-sqlite3 - security update
Bulletin has no description...
7ghost (>=4.11.0 <=4.11.46), 90crew-sqlite-async (=0.0.4) +265 more potentially affected by CVE-2022-43441 via sqlite3 (>=5.0.0 <=5.1.4)
sqlite3 NPM version =5.0.0, =4.11.0, =0.1.0, =0.0.15, =0.0.15, =1.1.0, =12.1.0-alpha.6, =2.0.11, =0.2.5, =6.1.4, =6.1.4, =7.0.1, =6.1.4, =0.1.3-alpha.0, =0.3.0 and more Source cves: CVE-2022-43441 Source advisory: OSV:GHSA-JQV5-7XPX-QJ74...
sqlite vulnerable to code execution due to Object coercion
Impact Due to the underlying implementation of .ToString, it's possible to execute arbitrary JavaScript, or to achieve a denial-of-service, if a binding parameter is a crafted Object. Users of sqlite3 v5.0.0 - v5.1.4 are affected by this. Patches Fixed in v5.1.5. All users are recommended to...
Debian: Security Advisory (DLA-543-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE CVE-2011-0995
The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 in SUSE Linux Enterprise SLE 11 SP1 uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors...
SUSE CVE-2021-36690
A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges e.g., is intentionally allowe...
SUSE-SU-2023:0030-1 Security update for tcl
This update for tcl fixes the following issues: - Fixed a race condition in test socket-13.1. - Removed the SQLite extension and use the packaged sqlite3 instead (bsc#1195773)...
SUSE: Security Advisory (SUSE-SU-2022:4628-1)
The remote host is missing an update for the...
SUSE-SU-2022:4628-1 Security update for sqlite3
This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337)...
SUSE: Security Advisory (SUSE-SU-2022:4603-1)
The remote host is missing an update for the...
SUSE-SU-2022:4603-1 Security update for sqlite3
This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337)...
Ubuntu: Security Advisory (USN-5716-1)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-5712-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2022:3307-2)
The remote host is missing an update for the...