Candidate: CVE-2022-21227
PublicDate: 2022-05-01 16:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21227
 https://github.com/advisories/GHSA-9qrh-qjmc-5w2p
 https://security.snyk.io/vuln/SNYK-JS-SQLITE3-2388645
 https://snyk.io/vuln/SNYK-JS-SQLITE3-2388645
 https://github.com/TryGhost/node-sqlite3/commit/593c9d498be2510d286349134537e3bf89401c4a
 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2805470
Description:
 The package sqlite3 before 5.0.3 are vulnerable to Denial of Service (DoS)
 which will invoke the toString function of the passed parameter. If passed
 an invalid Function object it will throw and crash the V8 engine.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:


Patches_node-sqlite3:
upstream_node-sqlite3: released (5.0.6+ds1-1)
bionic_node-sqlite3: needs-triage
focal_node-sqlite3: needs-triage
impish_node-sqlite3: needs-triage
jammy_node-sqlite3: needs-triage
devel_node-sqlite3: needs-triage