CVE-2023-30555

Name of the Vulnerable Software and Affected Versions Archery (affected versions not specified)

Description The Archery project contains multiple SQL injection vulnerabilities, allowing an attacker to query connected databases. The issue arises from the explain method in sql optimize.py, where user input from the db name parameter in the "explain" endpoint is passed to query methods in sql/engines/mssql.py and sql/engines/oracle.py for execution. This may be mitigated by escaping user input or using prepared statements when executing SQL queries.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.