CVE-2024-22682

Опубликовано: 30 янв. 2024

Источник: nvd

Описание

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Связанные уязвимости

GHSA-fq57-m32w-cmv5

CVSS3: 9.8

github

около 2 лет назад

DuckDB <=0.9.2 and DuckDB extension-template <=0.9.2 are vulnerable to malicious extension injection via the custom extension feature.