| { |
| "schema_version": "1.4.0", |
| "id": "GHSA-54q4-74p3-mgcw", |
| "modified": "2023-02-23T22:31:36Z", |
| "published": "2023-02-16T00:30:27Z", |
| "aliases": [ |
| "CVE-2022-38867" |
| ], |
| "summary": "rttys SQL Injection vulnerability", |
| "details": "SQL Injection vulnerability in rttys versions 4.0.0, 4.0.1, and 4.0.2 in api.go, allows attackers to execute arbitrary code.", |
| "affected": [ |
| { |
| "package": { |
| "ecosystem": "Go", |
| "name": "github.com/zhaojh329/rttys" |
| }, |
| "ranges": [ |
| { |
| "type": "ECOSYSTEM", |
| "events": [ |
| { |
| "introduced": "4.0.0" |
| }, |
| { |
| "last_affected": "4.0.2" |
| } |
| ] |
| } |
| ] |
| } |
| ], |
| "severity": [ |
| { |
| "type": "CVSS_V3", |
| "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" |
| } |
| ], |
| "references": [ |
| { |
| "type": "ADVISORY", |
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38867" |
| }, |
| { |
| "type": "WEB", |
| "url": "https://github.com/zhaojh329/rttys/issues/117" |
| }, |
| { |
| "type": "PACKAGE", |
| "url": "https://github.com/zhaojh329/rttys" |
| } |
| ], |
| "database_specific": { |
| "cwe_ids": [ |
| "CWE-89" |
| ], |
| "github_reviewed": true, |
| "github_reviewed_at": "2023-02-23T22:31:36Z", |
| "nvd_published_at": "2023-02-15T22:15:00Z", |
| "severity": "HIGH" |
| } |
| } |
