CVE-2019-5018: SQLite Remote Code Execution Vulnerability Alert
SQLite is an in-process library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine. SQLite is the most widely deployed database in the world with more applications than we can count, including several high-profile projects. SQLite is an embedded SQL database engine.
SQLite released 3.28.0 to fixes a remote code execution vulnerability (CVE-2019-5018). This vulnerability was found by Cisco Talos and the details of the specific vulnerability have been made public.
The vulnerability can be triggered by sending a malicious SQL command.
Affected version
- SQLite 3.26.0, 3.27.0
Solution
Please update SQLite to the latest version.