CVE-2024-22682 Information

Description

DuckDB <=0.9.2 and DuckDB extension-template <=0.9.2 are vulnerable to malicious extension injection via the custom extension feature.

Reference

https://github.com/Tu0Laj1/database_test