Описание
The package sqlite3 before 5.0.3 are vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| node-sqlite3 | fixed | 5.0.6+ds1-1 | package | |
| node-sqlite3 | fixed | 5.0.0+ds1-1+deb11u1 | bullseye | package |
| node-sqlite3 | not-affected | buster | package | |
| node-sqlite3 | end-of-life | stretch | package |
Примечания
https://github.com/advisories/GHSA-9qrh-qjmc-5w2p
Fixed by: https://github.com/TryGhost/node-sqlite3/commit/593c9d498be2510d286349134537e3bf89401c4a (v5.0.3)
https://security.snyk.io/vuln/SNYK-JS-SQLITE3-2388645
Introduced by: https://github.com/TryGhost/node-sqlite3/commit/dd3ef522088bb5cafede25b9fe661f892b6f10ba (v5.0.0)
Связанные уязвимости
The package sqlite3 before 5.0.3 are vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine.
The package sqlite3 before 5.0.3 are vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine.
The package sqlite3 before 5.0.3 are vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine.
Denial-of-Service when binding invalid parameters in sqlite3
Уязвимость компонента V8 системы управления базами данных SQLite позволяющая нарушителю вызвать отказ в обслуживании