Vulnerability Description
The package sqlite3 before 5.0.3 are vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ghost | Sqlite3 | < 5.0.3 |
References
- https://github.com/TryGhost/node-sqlite3/commit/593c9d498be2510d286349134537e3bfPatchThird Party Advisory
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2805470Third Party Advisory
- https://snyk.io/vuln/SNYK-JS-SQLITE3-2388645Third Party Advisory
- https://github.com/TryGhost/node-sqlite3/commit/593c9d498be2510d286349134537e3bfPatchThird Party Advisory
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2805470Third Party Advisory
- https://snyk.io/vuln/SNYK-JS-SQLITE3-2388645Third Party Advisory
FAQ
What is CVE-2022-21227?
CVE-2022-21227 is a vulnerability with a CVSS score of 7.5 (HIGH). The package sqlite3 before 5.0.3 are vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash...
How severe is CVE-2022-21227?
CVE-2022-21227 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-21227?
Check the references section above for vendor advisories and patch information. Affected products include: Ghost Sqlite3.