You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
In the DuckDB database, there is a feature for writing custom extensions. Attackers can write a custom extension containing malicious commands based on the DuckDB extension template(https://github.com/duckdb/extension-template). While compiling this malicious extension, a duckdb binary program containing this malicious extension will also be generated. Attackers can replace the normal duckdb program on the victim's machine with this malicious extension. When the victim starts this malicious duckdb program and executes a specific SQL statement, the malicious command will be triggered.
