b2sdk is vulnerable to time-of-check-time-of-use (TOCTOU). A local attacker is able to read the contents of the local database file where API keys are saved when using SqliteAccountInfo
, resulting in sensitive information disclosure via race condition.