CVE-2022-38540 Information

Description

Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the create_kill_session interface.

Reference

https://github.com/hhyo/Archery/blob/v1.8.5/sql/urls.py#L148 https://github.com/hhyo/Archery/blob/v1.8.5/sql/urls.py#L148