CVE-2022-41892

Опубликовано: 11 нояб. 2022

Источник: nvd

CVSS3: 8.6

CVSS3: 9.8

EPSS Низкий

Описание

Arches is a web platform for creating, managing, & visualizing geospatial data. Versions prior to 6.1.2, 6.2.1, and 7.1.2 are vulnerable to SQL Injection. With a carefully crafted web request, it's possible to execute certain unwanted sql statements against the database. This issue is fixed in version 7.12, 6.2.1, and 6.1.2. Users are recommended to upgrade as soon as possible. There are no workarounds.

Ссылки

https://github.com/archesproject/arches/security/advisories/GHSA-gmpq-xrxj-xh8m
Patch
Third Party Advisory
https://github.com/archesproject/arches/security/advisories/GHSA-gmpq-xrxj-xh8m
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:archesproject:arches:*:*:*:*:*:*:*:*

Версия до 6.1.1 (включая)

cpe:2.3:a:archesproject:arches:6.2.0:*:*:*:*:*:*:*

cpe:2.3:a:archesproject:arches:7.0.0:*:*:*:*:*:*:*

cpe:2.3:a:archesproject:arches:7.1.0:*:*:*:*:*:*:*

cpe:2.3:a:archesproject:arches:7.1.1:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.00127

Низкий

8.6 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-gmpq-xrxj-xh8m

CVSS3: 8.6

github

около 3 лет назад

Arches vulnerable to execution of arbitrary SQL

EPSS

Процентиль: 33%

0.00127

Низкий

8.6 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-89