Magellan SQLite Vulnerability


#1

Hi,

you may have heared about the “Magellan” Vulnerabilty in SQLite.
Is Couchbase Lite 1.x affected by that?


#2

It is not possible in Couchbase Lite to pass arbitrary SQL queries to the underlying SQLite database, and therefore is not vulnerable to the Magellan attack.

More information can be found here: https://blade.tencent.com/magellan/index_en.html


#3

thank you very much!!


#4

There’s not much that’s vulnerable to this attack other than Chromium. It’s very unusual for any software to allow untrusted SQL to run on its database.