CVE-2022-21227
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-21227
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-21227.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-21227
- Aliases
-
- GHSA-9qrh-qjmc-5w2p
- SNYK-JAVA-ORGWEBJARSNPM-2805470
- SNYK-JS-SQLITE3-2388645
- Related
- Published
- 2022-05-01T16:15:08Z
- Modified
- 2024-09-18T03:12:12.319074Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The package sqlite3 before 5.0.3 are vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine.
- References
Affected packages
Debian:11 / node-sqlite3
Package
- Name
- node-sqlite3
- Purl
- pkg:deb/debian/node-sqlite3?arch=source
Debian:12 / node-sqlite3
Package
- Name
- node-sqlite3
- Purl
- pkg:deb/debian/node-sqlite3?arch=source
Debian:13 / node-sqlite3
Package
- Name
- node-sqlite3
- Purl
- pkg:deb/debian/node-sqlite3?arch=source
Git / github.com/tryghost/node-sqlite3
Affected ranges
- Type
- GIT
- Repo
- https://github.com/tryghost/node-sqlite3
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.0.2
0.0.3
0.0.6
1.*
1.0.0
1.0.1
1.0.2
1.0.3
2.*
2.0.0
2.0.1
2.0.10
2.0.11
2.0.12
2.0.13
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
v2.*
v2.0.14
v2.0.15
v2.0.16
v2.0.17
v2.0.18
v2.1.0
v2.1.1
v2.1.10
v2.1.11
v2.1.12
v2.1.13
v2.1.14
v2.1.15
v2.1.16
v2.1.17
v2.1.18
v2.1.19
v2.1.3
v2.1.4
v2.1.5
v2.1.7
v2.1.7-alpha
v2.1.8
v2.1.9
v2.2.0
v2.2.0-alpha
v2.2.1
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v3.*
v3.0.0
v3.0.1
v3.0.10
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.0.9
v3.1.0
v3.1.1
v3.1.10
v3.1.11
v3.1.12
v3.1.13
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.1.6
v3.1.7
v3.1.8
v4.*
v4.0.0
v4.0.1
v4.0.2
v4.0.3
v4.0.5
v4.0.6
v4.0.8
v4.0.9
v4.1.0
v4.1.1
v4.2.0
v5.*
v5.0.0
v5.0.1
v5.0.2