Warning: Remote code execution vulnerability in SQLite JDBC
sqlite-jdbc (Maven): v22.214.171.124 - v126.96.36.199
Remote Code Execution (RCE)
Official manufacturer https://github.com/xerial/sqlite-jdbc/security/advisories/GHSA-6phf-6h5g...
An authenticated remote attacker can execute arbitrary code, possibly leading to a compromise of system/data integrity, confidentiality, and/or availability.
SQLite JDBC is a library for accessing and creating SQLite database files in Java. An authenticated remote attacker which is able to control the JDBC URL could abuse an insecure temporary file in order to execute arbitrary code with privileges of the involved Java application. The vendor did not provide any further information. At the time of verification no PoC was available.
The Centre for Cyber Security Belgium strongly recommends system administrators to take the following actions in order to mitigate the impact of this vulnerability in the most efficient way.
Create an inventory that includes all the software from your organisation and check per entry if sqlite-jdbc is used. Note certain software might reference an older version of sqlite-jdbc in their POM-file.
Please upgrade to SQLite JDBC version 188.8.131.52 or higher after thorough testing.
The CCB recommends organisations to upscale monitoring and detection capabilities and to detect any related suspicious activity, ensuring a fast response in case of an intrusion. Monitor for suspicious file access.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
When applying patches to systems that have been vulnerable to an RCE exploit, a proactive threat assessment should be performed to verify no exploitation occurred in the time between a patch becoming available and being applied.
Vendor product homepage https://github.com/xerial/sqlite-jdbc