| id: GO-TEST-ID |
| modules: |
| - module: github.com/zhaojh329/rttys |
| versions: |
| - introduced: 4.0.0 |
| summary: rttys SQL Injection vulnerability |
| description: |- |
| SQL Injection vulnerability in rttys versions 4.0.0, 4.0.1, and 4.0.2 in api.go, |
| allows attackers to execute arbitrary code. |
| cves: |
| - CVE-2022-38867 |
| ghsas: |
| - GHSA-54q4-74p3-mgcw |
| references: |
| - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-38867 |
| - web: https://github.com/zhaojh329/rttys/issues/117 |
| - package: https://github.com/zhaojh329/rttys |
| notes: |
| - 'create: unsupported version range event models.Event{Introduced:"", Fixed:"", LastAffected:"4.0.2", Limit:""}' |
| - 'lint: github.com/zhaojh329/rttys: bad version "4.0.0": github.com/zhaojh329/rttys@v4.0.0: invalid version: should be v0 or v1, not v4' |