CVE-2022-21227
HIGH
sqlite3 < 5.0.3 - Denial of Service via Invalid Function Object
Title source: llm
Description
The package sqlite3 before 5.0.3 is vulnerable to Denial of Service (DoS): it invokes the toString function of the passed parameter, and if passed an invalid Function object it will throw and crash the V8 engine.
References (3)
Core References
Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JS-SQLITE3-2388645
Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2805470
Patch, Third Party Advisory x_refsource_misc
https://github.com/TryGhost/node-sqlite3/commit/593c9d498be2510d286349134537e3bf89401c4a
Scores
CVSS v3
7.5
EPSS
0.0041
EPSS Percentile
61.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
Status
published
Products (2)
ghost/sqlite3
< 5.0.3
npm/sqlite3
5.0.0 - 5.0.3 (npm)
Published
May 01, 2022
Tracked Since
Feb 18, 2026