Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the create_kill_session interface.
References
Link | Resource |
---|---|
https://announcements.bybit.com/en-US/article/bybit-improves-the-security-of-the-open-source-community-blt626818c0ee8c48a6/ | Third Party Advisory |
https://github.com/hhyo/Archery/blob/v1.8.5/sql/urls.py#L148 | Third Party Advisory |
https://github.com/hhyo/Archery/issues/1841 | Third Party Advisory |
Configurations
History
17 Oct 2022, 02:11
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://announcements.bybit.com/en-US/article/bybit-improves-the-security-of-the-open-source-community-blt626818c0ee8c48a6/ - Third Party Advisory | |
References | (MISC) https://github.com/hhyo/Archery/issues/1841 - Third Party Advisory |
06 Oct 2022, 18:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Sep 2022, 22:25
Type | Values Removed | Values Added |
---|---|---|
First Time |
Archerydms
Archerydms archery |
|
CPE | cpe:2.3:a:archerydms:archery:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | (MISC) https://github.com/hhyo/Archery/blob/v1.8.5/sql/urls.py#L148 - Third Party Advisory | |
CWE | CWE-89 |
13 Sep 2022, 15:45
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-13 15:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-38540
Mitre link : CVE-2022-38540
CVE.ORG link : CVE-2022-38540
JSON object : View
Products Affected
archerydms
- archery
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')