Larrybr

**Name of the Vulnerable Software and Affected Versions** SQLite versions prior to 3.40.0 **Description** The issue is related to errors in the implementation of the azAllowedFunctions protection mechanism in the SQLite database management system's command-line interface. This could allow an attacker to gain unauthorized access to prohibited user functions. Specifically, when relying on the --safe option for executing untrusted CLI scripts, the azProhibitedFunctions protection mechanism is not properly implemented, allowing User-Defined Functions (UDFs) such as `WRITEFILE`. **Recommendations** For versions prior to 3.40.0, as a temporary workaround, consider disabling the use of UDFs such as `WRITEFILE` until a patch is available. Restrict access to the `azProhibitedFunctions` mechanism to minimize the risk of exploitation. Avoid using the `--safe` option for executing untrusted CLI scripts until the issue is resolved.