CRITICAL 9.8
PYSEC-2024-25
Details
DuckDB <=0.9.2 and DuckDB extension-template <=0.9.2 are vulnerable to malicious extension injection via the custom extension feature.
Are you affected?
Enter the version of the package you're using.
DuckDB <=0.9.2 and DuckDB extension-template <=0.9.2 are vulnerable to malicious extension injection via the custom extension feature.
Enter the version of the package you're using.