You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It appears that the underlying libsqlc-ndk-native-driver.so needs to be upgraded from SQLite 3.40.0 to version 3.43.0 or higher.
Do you have plans to perform this upgrade?
The text was updated successfully, but these errors were encountered:
CVE-2022-21227 relates to the sqlite3 npm package, not this plugin, and not to the core SQLite engine.
CVE-2022-46908 relates to the command line sqlite3 program and the possibility that its --safe switch allows some unsafe syntax. This plugin doesn't include the CLI.
CVE-2023-7104 relates to the session extension, which is disabled by default. It has to be enabled at compile time. The distributed libsqlc-ndk-native-driver.so doesn't include it. The vulnerability is in a C-language API that this plugin doesn't use and doesn't expose.
This package has been identified with the following CVEs:
CVE-2022-21227
CVE-2022-46908
CVE-2023-7104
It appears that the underlying libsqlc-ndk-native-driver.so needs to be upgraded from SQLite 3.40.0 to version 3.43.0 or higher.
Do you have plans to perform this upgrade?
The text was updated successfully, but these errors were encountered: