PT-2022-24447 · Archery · Archery

Bit-Sec · Published 2022-09-13 · Updated 2022-11-07 · CVE-2022-38541

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Archery versions 1.8.3 through 1.8.5

Description

The issue is related to multiple SQL injection vulnerabilities. These vulnerabilities can be exploited via the start time and stop time parameters in the my2sql interface.

Recommendations

For versions 1.8.3 through 1.8.5, consider restricting access to the my2sql interface until a patch is available. As a temporary workaround, avoid using the start time and stop time parameters in the my2sql interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2022-38541

Affected Products

Archery