CVE-2022-43441

EUVD-2023-1051
A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted Javascript file can lead to arbitrary code execution. An attacker can provide malicious input to trigger this vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
talosCNA
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
ghostsqlite3
5.0.0 ≤
𝑥
< 5.1.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
node-sqlite3
bookworm
5.1.5+ds1-1
fixed
bullseye
5.0.0+ds1-1+deb11u2
fixed
bullseye (security)
5.0.0+ds1-1+deb11u2
fixed
buster
not-affected
sid
5.1.5+ds1-1
fixed
trixie
5.1.5+ds1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
node-sqlite3
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
not-affected
noble
not-affected
trusty
ignored
xenial
needs-triage
Common Weakness Enumeration
References
https://github.com/TryGhost/node-sqlite3/security/advisories/GHSA-jqv5-7xpx-qj74
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1645
https://github.com/TryGhost/node-sqlite3/security/advisories/GHSA-jqv5-7xpx-qj74
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1645
https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1645