High severity · NVD Advisory · Published May 23, 2023 · Updated Mar 5, 2025
Sqlite-jdbc vulnerable to remote code execution when JDBC url is attacker controlled
CVE-2023-32697
Description
SQLite JDBC is a library for accessing and creating SQLite database files in Java. Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. This issue impacts versions 3.6.14.1 through 3.41.2.1 and has been fixed in version 3.41.2.2.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.xerial:sqlite-jdbc (Maven) | >= 3.6.14.1, < 3.41.2.2 | 3.41.2.2 |
Affected products
- Range: >= 3.6.14.1, < 3.41.2.2
References
- github.com/advisories/GHSA-6phf-6h5g-97j2 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-32697 (ghsa, ADVISORY)
- github.com/xerial/sqlite-jdbc/releases/tag/3.41.2.2 (ghsa, x_refsource_MISC, WEB)
- github.com/xerial/sqlite-jdbc/security/advisories/GHSA-6phf-6h5g-97j2 (ghsa, x_refsource_CONFIRM, WEB)