-
Notifications
You must be signed in to change notification settings - Fork 138
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE-2023-32697 (Critical) detected in sqlite-jdbc-3.32.3.3.jar #1669
Comments
note: sqllite-jdbc is only used as part of the integration test framework and not part of product software. |
✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory. |
ℹ️ This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory. |
CVE-2023-32697 - Critical Severity Vulnerability
Vulnerable Library - sqlite-jdbc-3.32.3.3.jar
SQLite JDBC library
Path to dependency file: /integ-test/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.xerial/sqlite-jdbc/3.32.3.3/2935bf4edbdc721ce5be813cd60cd7e325ca7ed6/sqlite-jdbc-3.32.3.3.jar
Dependency Hierarchy:
Found in HEAD commit: 50669ebe3a0cb46ff832d75f77adb23672725777
Found in base branch: main
Vulnerability Details
SQLite JDBC is a library for accessing and creating SQLite database files in Java. Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. This issue impacting versions 3.6.14.1 through 3.41.2.1 and has been fixed in version 3.41.2.2.
Publish Date: 2023-05-23
URL: CVE-2023-32697
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-6phf-6h5g-97j2
Release Date: 2023-05-23
Fix Resolution: 3.41.2.2
The text was updated successfully, but these errors were encountered: