Sql injection

2022-09-1315:15:00

PRIOn knowledge base

www.prio-n.com

archery v1.4.0

v1.8.5

sql injection

create_kill_session

threadids parameter

0.002 Low

EPSS

Percentile

54.5%

Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the create_kill_session interface.

CPENameOperatorVersion
archeryge1.4.0
archerylt1.9.0

CPE	Name	Operator	Version
	archery	ge	1.4.0
	archery	lt	1.9.0

References

announcements.bybit.com/en-US/article/bybit-improves-the-security-of-the-open-source-community-blt626818c0ee8c48a6/

github.com/hhyo/Archery/blob/v1.8.5/sql/urls.py

github.com/hhyo/Archery/issues/1841

0.002 Low

EPSS

Percentile

54.5%

Related for PRION:CVE-2022-38540