GHSA-Q78V-CV36-8FXJ Devtron has SQL Injection in CreateUser API
Summary An authenticated user with minimum permission could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API /orchestrator/user. Details The API is CreateUser /orchestrator/user. The function to read user input is:...