A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted Javascript file can lead to arbitrary code execution. An attacker can provide malicious input to trigger this vulnerability.
References
Link | Resource |
---|---|
https://github.com/TryGhost/node-sqlite3/security/advisories/GHSA-jqv5-7xpx-qj74 | Vendor Advisory |
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1645 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: talos
Published: 2023-03-16T20:14:14.090Z
Updated: 2023-03-16T20:14:14.090Z
Reserved: 2022-10-20T15:24:15.340Z
Link: CVE-2022-43441
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-03-16T21:15:11.023
Modified: 2023-03-22T21:01:25.970
Link: CVE-2022-43441
JSON object: View
Redhat Information
No data.