High severityNVD Advisory· Published Mar 16, 2023· Updated Aug 3, 2024
CVE-2022-43441
CVE-2022-43441
Description
A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted Javascript file can lead to arbitrary code execution. An attacker can provide malicious input to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
sqlite3npm | >= 5.0.0, < 5.1.5 | 5.1.5 |
Affected products
2- Range: 5.1.1
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-jqv5-7xpx-qj74ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-43441ghsaADVISORY
- github.com/TryGhost/node-sqlite3/commit/edb1934dd222ae55632e120d8f64552d5191c781ghsaWEB
- github.com/TryGhost/node-sqlite3/security/advisories/GHSA-jqv5-7xpx-qj74ghsaWEB
- talosintelligence.com/vulnerability_reports/TALOS-2022-1645ghsaWEB
News mentions
0No linked articles in our index yet.