Affected versions of this package are vulnerable to Arbitrary Code Execution via the .ToString() method due to improper sanitization. Exploiting this vulnerability is possible when a binding parameter is a crafted Object and might result in arbitrary JavaScript code execution or DoS.
Workarounds
Ensure sufficient sanitization in the parent application to protect against invalid values being supplied to binding parameters.
Detailed paths
Overview
Affected versions of this package are vulnerable to Arbitrary Code Execution via the .ToString() method due to improper sanitization. Exploiting this vulnerability is possible when a binding parameter is a crafted Object and might result in arbitrary JavaScript code execution or DoS.
Workarounds
Ensure sufficient sanitization in the parent application to protect against invalid values being supplied to binding parameters.
Remediation
Upgrade sqlite3 to version 5.1.5 or higher.
References
SNYK-JS-SQLITE3-3358947
(CVE-2022-43441) sqlite3@5.0.2
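One way to apply the workaround above in the parent application, as an added example that is not part of the original report or of sqlite3: an allowlist check run on values before they are passed as binding parameters. The helper names `assertBindable` and `safeParams` are hypothetical, and the allowlist is an assumption that is deliberately stricter than what the driver accepts.

```javascript
// Added example: allowlist validation for values used as sqlite3 binding
// parameters. Helper names are hypothetical; nothing here is sqlite3's own API.

// SQLite named-parameter prefixes ($, :, @) followed by an identifier.
const NAMED_KEY = /^[$:@][A-Za-z_][A-Za-z0-9_]*$/;

// Accept only primitives and Buffers; refuse every other object, so no
// caller-controlled object ever reaches the driver's string conversion.
function assertBindable(value, where) {
  if (value === null) return;
  switch (typeof value) {
    case 'string':
    case 'boolean':
      return;
    case 'number':
      if (Number.isFinite(value)) return; // rejects NaN and +/-Infinity
      break;
    case 'object':
      if (Buffer.isBuffer(value)) return; // bound as a BLOB
      break;
  }
  throw new TypeError(`refusing to bind ${where}: unsupported value type`);
}

// Validate a positional array or a named-parameter object and return a
// shallow copy, so later mutation of the caller's input cannot change it.
function safeParams(params) {
  if (Array.isArray(params)) {
    params.forEach((v, i) => assertBindable(v, `positional parameter ${i + 1}`));
    return params.slice();
  }
  const proto = params !== null && typeof params === 'object'
    ? Object.getPrototypeOf(params) : undefined;
  if (proto === Object.prototype || proto === null) {
    const out = {};
    for (const [key, value] of Object.entries(params)) {
      if (!NAMED_KEY.test(key)) {
        throw new TypeError(`refusing to bind: invalid parameter name ${JSON.stringify(key)}`);
      }
      assertBindable(value, `named parameter ${key}`);
      out[key] = value;
    }
    return out;
  }
  throw new TypeError('binding parameters must be an array or a plain object');
}
```

Call `safeParams` on request-derived input (for example a parsed JSON body) and pass only its return value to the query call. Convert dates and similar values to strings or numbers before validation.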