CVE-2022-21227

Denial-of-Service due to fatal error when binding invalid parameters in npm/sqlite3

Identifiers

GHSA-9qrh-qjmc-5w2p, CVE-2022-21227

Package Slug

npm/sqlite3

Vulnerability

Denial-of-Service due to fatal error when binding invalid parameters

Description

The sqlite3 package before 5.0.3 is vulnerable to Denial of Service (DoS): when binding a parameter, it invokes the toString function of the passed value. If passed an invalid Function object, the call throws and crashes the V8 engine.

Affected Versions

All versions starting from 5.0.0 before 5.0.3

Solution

Upgrade to version 5.0.3 or above.
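
The following is an added example, not code from the advisory or from the sqlite3 project: a version check against the affected range above, and a pre-binding check that rejects parameter values before they reach the driver. The function names and the allowlist of accepted types are assumptions of this example.

```javascript
'use strict';

// Affected range stated in the advisory: 5.0.0 <= version < 5.0.3.
function isAffectedVersion(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(version);
  if (!m) throw new TypeError('expected a plain x.y.z version string');
  const [major, minor, patch] = m.slice(1).map(Number);
  return major === 5 && minor === 0 && patch < 3;
}

// Conservative allowlist chosen for this example (an assumption, not the
// driver's own rule): primitives, Buffers and valid Dates; all else is rejected.
function isBindableValue(v) {
  if (v === null) return true;
  switch (typeof v) {
    case 'string':
    case 'boolean':
      return true;
    case 'number':
      return Number.isFinite(v);
    case 'object':
      return Buffer.isBuffer(v) ||
        (v instanceof Date && !Number.isNaN(v.getTime()));
    default:
      return false; // function, symbol, undefined, bigint
  }
}

// Hypothetical helper: call on positional (array) or named (object) parameters
// before handing them to the database layer. Throws instead of forwarding.
function checkBindParams(params) {
  if (params === null || typeof params !== 'object') {
    throw new TypeError('bind parameters must be an array or an object');
  }
  const entries = Array.isArray(params)
    ? Array.from(params, (v, i) => [String(i), v])
    : Object.entries(params);
  for (const [key, value] of entries) {
    if (!isBindableValue(value)) {
      // Report only typeof: formatting the value itself would stringify it.
      throw new TypeError(`bind parameter ${key}: unsupported ${typeof value}`);
    }
  }
  return params;
}

// Constructed sample input.
console.log(isAffectedVersion('5.0.2'), checkBindParams(['alice', 42, null]));
```

Upgrading remains the fix; the check only keeps unexpected value types away from the binding code on hosts that still run an affected version.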

Last Modified

2022-05-01
