How severe is CVE-2022-43441?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2022-43441?

This is classified as CWE-915, which is a common weakness in software security.

CVE-2022-43441

CRITICAL Year: 2022

CVSS v3 Score

9.8

Critical

Weakness Type

CWE-915

View all →

Vulnerability Description

A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted Javascript file can lead to arbitrary code execution. An attacker can provide malicious input to trigger this vulnerability.

CVE-2021-21304

CRITICAL

CVSS:9.8(Critical)

Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method "...

CWE-9152021

CVE-2022-24802

CRITICAL

CVSS:9.8(Critical)

deepmerge-ts is a typescript library providing functionality to deep merging of javascript objects. deepmerge-ts is vulnerable to Prototype Pollution via file deepmerge.ts, function defaultMergeRecord...

CWE-9152022

CVE-2022-31106

CRITICAL

CVSS:9.8(Critical)

Underscore.deep is a collection of Underscore mixins that operate on nested objects. Versions of `underscore.deep` prior to version 0.5.3 are vulnerable to a prototype pollution vulnerability. An atta...

CWE-9152022

CVE-2024-5452

CRITICAL

CVSS:9.8(Critical)

A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attribute...

CWE-9152024

CVE-2024-55636

CRITICAL

CVSS:9.8(Critical)

Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. ...

CWE-9152024