Closed herrxyz closed 1 year ago
Hi, thanks for reporting.
We only use `quote` method here:
`sourceId` will come from the database itself so that will be safe. For all other escaping, we use prepared statements so unless sqlite uses the printf function there as well it should be fine.
I would still recommend to update your systems to sqlite 3.39.4 (or version provided by your vendor that has the vulnerability patched).
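As an added illustration of the two points in the reply above (not selfoss code and not written by the maintainers): a PHP sketch that reports which SQLite library version PDO is linked against, compared with 3.39.4, and stores feed-supplied text through a bound parameter. The `items` table, its columns and the function names are assumptions made for the example.

```php
<?php
// Added example, not selfoss code. Table, column and function names are hypothetical.
declare(strict_types=1);

const PATCHED_SQLITE = '3.39.4'; // version named in the reply above

// Report the SQLite library this PHP build is linked against.
function sqliteLibraryStatus(PDO $db): array
{
    $version = (string) $db->query('SELECT sqlite_version()')->fetchColumn();
    return [
        'version' => $version,
        // A distribution may backport the fix without bumping the version,
        // so "false" means "check the vendor advisory", not "vulnerable".
        'at_least_patched' => version_compare($version, PATCHED_SQLITE, '>='),
    ];
}

// Store feed-supplied text through bound parameters: the value is passed
// to SQLite as data and never becomes part of the SQL text.
function storeItem(PDO $db, int $sourceId, string $title): void
{
    $stmt = $db->prepare('INSERT INTO items (source, title) VALUES (:source, :title)');
    $stmt->bindValue(':source', $sourceId, PDO::PARAM_INT);
    $stmt->bindValue(':title', $title, PDO::PARAM_STR);
    $stmt->execute();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, source INTEGER NOT NULL, title TEXT NOT NULL)');

// Constructed sample: a feed title containing SQL metacharacters.
$hostileTitle = "x'); DROP TABLE items; --";
storeItem($db, 1, $hostileTitle);

$stored = $db->query('SELECT title FROM items WHERE source = 1')->fetchColumn();
$status = sqliteLibraryStatus($db);

printf("SQLite library: %s (>= %s: %s)\n", $status['version'], PATCHED_SQLITE,
    $status['at_least_patched'] ? 'yes' : 'no');
printf("Title stored verbatim: %s\n", $stored === $hostileTitle ? 'yes' : 'no');
```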
Thanks for your super-fast reply and sorry for my late closing (did read it in November but forgot to close).
hey, can you please check (and fix) if selfoss is affected by sqlite vulnerability https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/ ? As far as I understand this text it could be triggered by any website in my feed. Kind regards