CVE-2018-17232

Name of the Vulnerable Software and Affected Versions slack-archive-bot versions prior to 2018-09-19

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the text parameter to cursor.execute() in the archivebot.py script.

Recommendations For versions prior to 2018-09-19, update to a version released after 2018-09-19 to resolve the issue. As a temporary workaround, consider restricting access to the cursor.execute() function to minimize the risk of exploitation. Avoid using the text parameter in the affected script until the issue is resolved.