Description
An issue was found in fts5UnicodeTokenize() in ext/fts5/fts5_tokenize.c in Sqlite. A unicode61 tokenizer configured to treat unicode "control-characters" (class Cc), was treating embedded nul characters as tokens. The issue was fixed in sqlite-3.34.0 and later.
Remediation
References
Related Vulnerabilities
Jboss EAP Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-12629)
WordPress Plugin Page Builder by SiteOrigin Cross-Site Request Forgery (2.10.15)
WordPress Plugin Multicons [Multiple Favicons] Cross-Site Scripting (2.1)
WordPress Plugin Shortcode Factory Local File Inclusion (2.7)