Code Execution Vulnerability in Ghost Foundation node-sqlite3 5.1.1 Statement Bindings Functionality

CVE-2022-43441 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted Javascript file can lead to arbitrary code execution. An attacker can provide malicious input to trigger this vulnerability.

Learn more about our Cis Benchmark Audit For Bind.