CVE-2023-32697

moderate-risk
Published 2023-05-23

SQLite JDBC is a library for accessing and creating SQLite database files in Java. Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. This issue impacting versions 3.6.14.1 through 3.41.2.1 and has been fixed in version 3.41.2.2.

Do I need to act?

~
5.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (1)

Sqlite Jdbc

Affected Vendors

Sqlite Jdbc Project

References (4)

Release Notes https://github.com/xerial/sqlite-jdbc/releases/tag/3.41.2.2
Vendor Advisory https://github.com/xerial/sqlite-jdbc/security/advisories/GHSA-6phf-6h5g-97j2
Release Notes https://github.com/xerial/sqlite-jdbc/releases/tag/3.41.2.2
Vendor Advisory https://github.com/xerial/sqlite-jdbc/security/advisories/GHSA-6phf-6h5g-97j2
43
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 8/34 · Low
Exposure 5/34 · Minimal