Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_file, end_file, start_time, and stop_time parameters in the binlog2sql interface.
References
Link | Resource |
---|---|
https://announcements.bybit.com/en-US/article/bybit-improves-the-security-of-the-open-source-community-blt626818c0ee8c48a6/ | Third Party Advisory |
https://github.com/hhyo/Archery/blob/v1.8.5/sql/urls.py#L135 | Third Party Advisory |
https://github.com/hhyo/Archery/issues/1842 | Issue Tracking Third Party Advisory |
Configurations
History
08 Nov 2022, 02:49
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/hhyo/Archery/issues/1842 - Issue Tracking, Third Party Advisory | |
References | (MISC) https://announcements.bybit.com/en-US/article/bybit-improves-the-security-of-the-open-source-community-blt626818c0ee8c48a6/ - Third Party Advisory |
13 Oct 2022, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Sep 2022, 22:25
Type | Values Removed | Values Added |
---|---|---|
First Time |
Archerydms
Archerydms archery |
|
CWE | CWE-89 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:archerydms:archery:*:*:*:*:*:*:*:* | |
References | (MISC) https://github.com/hhyo/Archery/blob/v1.8.5/sql/urls.py#L135 - Third Party Advisory |
13 Sep 2022, 15:45
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-13 15:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-38537
Mitre link : CVE-2022-38537
CVE.ORG link : CVE-2022-38537
JSON object : View
Products Affected
archerydms
- archery
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')