Описание
A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted Javascript file can lead to arbitrary code execution. An attacker can provide malicious input to trigger this vulnerability.
Ссылки
- Vendor Advisory
- ExploitThird Party Advisory
- Vendor Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 5.0.0 (включая) до 5.1.5 (исключая)
cpe:2.3:a:ghost:sqlite3:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 91%
0.06448
Низкий
8.1 High
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-915
CWE-913
Связанные уязвимости
CVSS3: 8.1
ubuntu
почти 3 года назад
A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted Javascript file can lead to arbitrary code execution. An attacker can provide malicious input to trigger this vulnerability.
CVSS3: 8.1
debian
почти 3 года назад
A code execution vulnerability exists in the Statement Bindings functi ...
CVSS3: 8.1
github
почти 3 года назад
sqlite vulnerable to code execution due to Object coercion
EPSS
Процентиль: 91%
0.06448
Низкий
8.1 High
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-915
CWE-913