Vendor
high
advisory
Kysely JSON-path Injection Vulnerability
2 rules, 1 TTP, 1 CVE
A JSON-path traversal injection vulnerability exists in Kysely versions prior to 0.28.16. Because the `JSONPathBuilder.key()` and `.at()` functions insufficiently sanitize JSON-path metacharacters, attackers can traverse JSON sub-fields outside the intended scope, potentially leading to unauthorized read and write access to sensitive data in MySQL, PostgreSQL, and SQLite databases.
MySQL +3
jsonpath
injection
kysely
cwe-89
cwe-915
cwe-1284
high
advisory
Diesel SQLite Backend UTF-8 Corruption Vulnerability
2 rules
Diesel versions before 2.3.8 are vulnerable to UTF-8 corruption: the `sqlite3_value_text` function does not always return UTF-8 encoded strings, potentially leading to invalid UTF-8 strings being processed without validation.
diesel
utf-8
sqlite
corruption