High severity7.6NVD Advisory· Published Sep 8, 2021· Updated Jun 17, 2026
CVE-2021-23404
CVE-2021-23404
Description
This affects all versions of package sqlite-web. The SQL dashboard area allows sensitive actions to be performed without validating that the request originated from the application. This could enable an attacker to trick a user into performing these actions unknowingly through a Cross Site Request Forgery (CSRF) attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
sqlite-webPyPI | <= 0.6.5 | — |
Affected products
2- sqlite-web/sqlite-webdescription
Patches
Vulnerability mechanics
References
7- snyk.io/vuln/SNYK-PYTHON-SQLITEWEB-1316324nvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-2j58-pwwv-x666ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-23404ghsaADVISORY
- github.com/coleifer/sqlite-web/blob/2e7c85da3d37f80074ed3ae39b5851069b4f301c/sqlite_web/__main__.pyghsaWEB
- github.com/coleifer/sqlite-web/blob/2e7c85da3d37f80074ed3ae39b5851069b4f301c/sqlite_web/__main__.py%23L1nvdBroken Link
- github.com/coleifer/sqlite-web/blob/4ba53979eb342c69fb3b7a75eeed43da7a3d3822/sqlite_web/sqlite_web.pyghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/sqlite-web/PYSEC-2021-332.yamlghsaWEB
News mentions
0No linked articles in our index yet.