CVE-2022-46908

SQLite through 3.40.0, when relying on –safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.

Date published : 2022-12-12

https://news.ycombinator.com/item?id=33948588

https://sqlite.org/forum/forumpost/07beac8056151b2f