Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the kill_session interface. The project has released an update, please upgrade to v1.9.0 and above.
References
Link | Resource |
---|---|
https://announcements.bybit.com/en-US/article/bybit-improves-the-security-of-the-open-source-community-blt626818c0ee8c48a6/ | Third Party Advisory |
https://github.com/hhyo/Archery/blob/v1.8.5/sql/urls.py#L149 | Third Party Advisory |
https://github.com/hhyo/Archery/issues/1841 | Third Party Advisory |
Configurations
History
06 Oct 2022, 14:06
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://announcements.bybit.com/en-US/article/bybit-improves-the-security-of-the-open-source-community-blt626818c0ee8c48a6/ - Third Party Advisory | |
References | (MISC) https://github.com/hhyo/Archery/issues/1841 - Third Party Advisory |
03 Oct 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the kill_session interface. The project has released an update, please upgrade to v1.9.0 and above. |
14 Sep 2022, 22:25
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/hhyo/Archery/blob/v1.8.5/sql/urls.py#L149 - Third Party Advisory | |
CPE | cpe:2.3:a:archerydms:archery:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
First Time |
Archerydms
Archerydms archery |
|
CWE | CWE-89 |
13 Sep 2022, 15:45
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-13 15:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-38542
Mitre link : CVE-2022-38542
CVE.ORG link : CVE-2022-38542
JSON object : View
Products Affected
archerydms
- archery
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')