| id: GO-ID-PENDING |
| modules: |
| - module: github.com/zhaojh329/rttys |
| non_go_versions: |
| - introduced: 4.0.0 |
| unsupported_versions: |
| - version: 4.0.2 |
| type: last_affected |
| vulnerable_at: 1.1.0 |
| summary: rttys SQL Injection vulnerability in github.com/zhaojh329/rttys |
| description: |- |
| SQL Injection vulnerability in rttys versions 4.0.0, 4.0.1, and 4.0.2 in api.go, |
| allows attackers to execute arbitrary code. |
| cves: |
| - CVE-2022-38867 |
| ghsas: |
| - GHSA-54q4-74p3-mgcw |
| references: |
| - advisory: https://github.com/advisories/GHSA-54q4-74p3-mgcw |
| - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-38867 |
| - report: https://github.com/zhaojh329/rttys/issues/117 |
| source: |
| id: GHSA-54q4-74p3-mgcw |
| created: 1999-01-01T00:00:00Z |
| review_status: UNREVIEWED |