DSA-5373-1

Source: https://storage.googleapis.com/debian-osv/dsa-osv/DSA-5373-1.json
Aliases:
Published: 2023-03-14T00:00:00Z
Modified: 2023-03-16T09:50:45.746146Z
Details

Dave McDaniel discovered that the SQLite3 bindings for Node.js were susceptible to the execution of arbitrary JavaScript code if a binding parameter is a crafted object.

For the stable distribution (bullseye), this problem has been fixed in version 5.0.0+ds1-1+deb11u2.

We recommend that you upgrade your node-sqlite3 packages.

For the detailed security status of node-sqlite3 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/node-sqlite3

References

Affected packages

Debian:11 / node-sqlite3

node-sqlite3

Affected ranges

Type: ECOSYSTEM
Events:
Introduced: 0
Fixed: 5.0.0+ds1-1+deb11u2

Affected versions

5.*

5.0.0+ds1-1
5.0.0+ds1-1+deb11u1