CVE-2023-32697 (Critical) detected in sqlite-jdbc-3.32.3.3.jar

[mend-for-github-com]

CVE-2023-32697 - Critical Severity Vulnerability

Vulnerable Library - sqlite-jdbc-3.32.3.3.jar

SQLite JDBC library

Path to dependency file: /integ-test/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.xerial/sqlite-jdbc/3.32.3.3/2935bf4edbdc721ce5be813cd60cd7e325ca7ed6/sqlite-jdbc-3.32.3.3.jar

Dependency Hierarchy:

• ❌ sqlite-jdbc-3.32.3.3.jar (Vulnerable Library)

Found in HEAD commit: 50669ebe3a0cb46ff832d75f77adb23672725777

Found in base branch: main

Vulnerability Details

SQLite JDBC is a library for accessing and creating SQLite database files in Java. Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. This issue impacting versions 3.6.14.1 through 3.41.2.1 and has been fixed in version 3.41.2.2.

Publish Date: 2023-05-23

URL: CVE-2023-32697

CVSS 3 Score Details (9.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-6phf-6h5g-97j2

Release Date: 2023-05-23

Fix Resolution: 3.41.2.2

---

• Check this box to open an automated fix PR

[acarbonetto]

note: sqllite-jdbc is only used as part of the integration test framework and not part of product software.

[mend-for-github-com]

✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

[mend-for-github-com]

ℹ️ This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.