Home > Vulnerability Database > CVE-2022-21227

Mend.io Vulnerability Database

CVE-2022-21227

Good to know:

Date: May 1, 2022

The package sqlite3 before 5.0.3 are vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine.

Language: JS

Severity Score

7.5

Related Resources (7)

Url: https://github.com/TryGhost/node-sqlite3/issues/1449

Url: https://github.com/TryGhost/node-sqlite3/commit/593c9d498be2510d286349134537e3bf89401c4a

Url: https://github.com/TryGhost/node-sqlite3

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-21227

Url: https://github.com/TryGhost/node-sqlite3/security/advisories/GHSA-9qrh-qjmc-5w2p

Url: https://github.com/TryGhost/node-sqlite3/issues/1440

Url: https://www.mend.io/vulnerability-database/CVE-2022-21227

Severity Score

7.5

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Uncaught Exception

CWE-248

Top Fix

Upgrade Version

Upgrade to version sqlite3 - 5.0.3

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2022-21227

Good to know:

Date: May 1, 2022

Language: JS

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?