SQLite Forum

Please fix CVE-2020-15358

  1.  That CVE is fake news.  It only applies if you are allowing
      malicious agents to inject arbitrary SQL into your
      application.  And even then, the worst known outcome is denial
      of service. See [\[1\]][1] for more information about CVEs and SQLite.

  2.  The bug that the CVE is based on was fixed in SQLite version 3.32.3.

  3.  Relying on CVEs and believing the information you read in CVEs is
      not an effective security policy.

[1]: https://www.sqlite.org/cves.html#cvetab
\[1\] <https://www.sqlite.org/cves.html>