CVE-2022-38539 Information

Description

Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where parameter at /archive/apply.

Reference

https://github.com/hhyo/Archery/blob/v1.8.5/sql/urls.py#L155 https://github.com/hhyo/Archery/blob/v1.8.5/sql/urls.py#L155