GHSA-6phf-6h5g-97j2
Suggest an improvement- Source
- https://github.com/advisories/GHSA-6phf-6h5g-97j2
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-6phf-6h5g-97j2/GHSA-6phf-6h5g-97j2.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-6phf-6h5g-97j2
- Aliases
- Published
- 2023-05-23T20:07:58Z
- Modified
- 2024-02-16T08:00:57.956395Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Sqlite-jdbc vulnerable to remote code execution when JDBC url is attacker controlled
- Details
-
Summary
Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL.
Impacted versions :
3.6.14.1-3.41.2.1
References
https://github.com/xerial/sqlite-jdbc/releases/tag/3.41.2.2
- Database specific
{ "nvd_published_at": "2023-05-23T23:15:09Z", "cwe_ids": [ "CWE-94" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-05-23T20:07:58Z" }- References
Affected packages
Maven / org.xerial:sqlite-jdbc
Package
- Name
- org.xerial:sqlite-jdbc
- View open source insights on deps.dev
- Purl
- pkg:maven/org.xerial/sqlite-jdbc
Affected versions
3.*
3.6.14.1
3.6.14.2
3.6.15
3.6.16
3.6.17
3.6.17.1
3.6.20
3.7.2
3.7.15-M1
3.8.5-pre1
3.8.6
3.8.7
3.8.9
3.8.9.1
3.8.10.1
3.8.10.2
3.8.11
3.8.11.1
3.8.11.2
3.14.2
3.14.2.1
3.15.0
3.15.1
3.16.1
3.18.0
3.19.3
3.20.0
3.20.1
3.21.0
3.21.0.1
3.23.1
3.25.2
3.27.2
3.27.2.1
3.28.0
3.30.1
3.31.1
3.32.3
3.32.3.1
3.32.3.2
3.32.3.3
3.34.0
3.35.0
3.35.0.1
3.36.0
3.36.0.1
3.36.0.2
3.36.0.3
3.39.2.0
3.39.2.1
3.39.3.0
3.39.4.0
3.39.4.1
3.40.0.0
3.40.1.0
3.41.0.0
3.41.0.1
3.41.2.0
3.41.2.1