Vulnerabilities > CVE-2022-43441 - Improper Control of Dynamically-Managed Code Resources vulnerability in Ghost Sqlite3

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

ghost

CWE-913

critical

NVD

Published: 2023-03-16

Updated: 2023-03-22

Summary

A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted Javascript file can lead to arbitrary code execution. An attacker can provide malicious input to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Ghost Ghost Sqlite3 5.0.0 Ghost Sqlite3 5.0.1 Ghost Sqlite3 5.0.2 Ghost Sqlite3 5.0.3 Ghost Sqlite3 5.0.4 Ghost Sqlite3 5.0.5 Ghost Sqlite3 5.0.6 Ghost Sqlite3 5.0.7 Ghost Sqlite3 5.0.8	9

Common Weakness Enumeration (CWE)

CWE-913 - Improper Control of Dynamically-Managed Code Resources

References

https://github.com/TryGhost/node-sqlite3/security/advisories/GHSA-jqv5-7xpx-qj74
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1645