Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Debian: DSA-5373-1 Critical: Node-SQLite3 Arbitrary Code Execution

debian
Calendar Grey March 14, 2023
Debian Logo
Node.js SQLite3 bindings were discovered to have vulnerabilities; an upgrade is necessary to mitigate risks of arbitrary code execution. Refer to the advisory for further information.
Dave McDaniel discovered that the SQLite3 bindings for Node.js were susceptible to the execution of arbitrary JavaScript code if a binding parameter is a crafted object

Summary

Dave McDaniel discovered that the SQLite3 bindings for Node.js were
susceptible to the execution of arbitrary JavaScript code if a binding
parameter is a crafted object.

For the stable distribution (bullseye), this problem has been fixed in
version 5.0.0+ds1-1+deb11u2.

We recommend that you upgrade your node-sqlite3 packages.

For the detailed security status of node-sqlite3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/node-sqlite3

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



Severity
critical
Lowest
Low
Medium
High
Critical

Package: node-sqlite3
CVE ID: CVE-2022-43441

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.