CVE-2022-38542 Information

Description

Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the kill_session interface.

Reference

https://github.com/hhyo/Archery/blob/v1.8.5/sql/urls.py#L149 https://github.com/hhyo/Archery/blob/v1.8.5/sql/urls.py#L149