Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Out of scope
Priority: P1: Critical
Fix Version/s: None
Affects Version/s: 6.4.1
Component/s: Core: Plugins, sqlite
Labels:
None

Platform/s:

Linux/X11, Windows

Description

CVE-2022-46908 reported for sqlite plugin:

SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Thiago Macieira

Reporter:: Gregory Junker

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 28 Dec '22 03:19

Updated:: 09 Jan '23 19:40

Resolved:: 09 Jan '23 19:40

Gerrit Reviews

There are no open Gerrit changes