How severe is CVE-2022-43441?

CVE-2022-43441 has a CVSS v3 score of 8.1 (HIGH).

CVE-2022-43441

Name: sqlite3
Author: ghost

8.1HIGH

A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted Javascript file can lead to arbitrary code execution. An attac

Publicado: 3/16/2023Actualizado: 11/21/2024

Descripción

A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted Javascript file can lead to arbitrary code execution. An attacker can provide malicious input to trigger this vulnerability.

Análisis IAImpulsado por IA

Productos Afectados

ghostsqlite3

Referencias

https://github.com/TryGhost/node-sqlite3/security/advisories/GHSA-jqv5-7xpx-qj74
Vendor Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1645
ExploitThird Party Advisory
https://github.com/TryGhost/node-sqlite3/security/advisories/GHSA-jqv5-7xpx-qj74
Vendor Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1645
ExploitThird Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1645