Sqlite-jdbc vulnerable to remote code execution when JDBC url is attacker controlled
Package
Affected versions
>= 3.6.14.1, < 3.41.2.2
Patched versions
3.41.2.2
Description
Published to the GitHub Advisory Database
May 23, 2023
Reviewed
May 23, 2023
Published by the National Vulnerability Database
May 23, 2023
Last updated
Nov 7, 2023
Summary
Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL.
Impacted versions :
3.6.14.1-3.41.2.1
References
https://github.com/xerial/sqlite-jdbc/releases/tag/3.41.2.2
References