Description

Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_file, end_file, start_time, and stop_time parameters in the binlog2sql interface.

Related CPE's

a

archerydms

archery

Vulnerable

References

https://announcements.bybit.com/en-US/article/bybit-improves-the-security-of-the-open-source-community-blt626818c0ee8c48a6/

Third Party Advisory

https://github.com/hhyo/Archery/blob/v1.8.5/sql/urls.py#L135

Third Party Advisory

https://github.com/hhyo/Archery/issues/1842

Issue TrackingThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-89

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2022-09-13T15:15:08.973

2 years ago

Last modified

2022-11-08T02:49:59.930

2 years ago