CVE-2022-41892

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-41892

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-41892.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-41892

Aliases

Related

GHSA-gmpq-xrxj-xh8m

Published

2022-11-11T04:15:12Z

Modified

2025-07-01T14:13:42.180094Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Arches is a web platform for creating, managing, & visualizing geospatial data. Versions prior to 6.1.2, 6.2.1, and 7.1.2 are vulnerable to SQL Injection. With a carefully crafted web request, it's possible to execute certain unwanted sql statements against the database. This issue is fixed in version 7.12, 6.2.1, and 6.1.2. Users are recommended to upgrade as soon as possible. There are no workarounds.

References

https://github.com/archesproject/arches/security/advisories/GHSA-gmpq-xrxj-xh8m

Affected packages

Git / github.com/archesproject/arches

Affected ranges

Type: GIT
Repo: https://github.com/archesproject/arches
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

7b2720a3d244ff5e2e2107be76ea98aeb452c85d

Last affected

8c8bbf5d76156825432e2787b63fe3f34d7b0207

Last affected

941af34e781f2fa9d886f76b767e5f1df3660288

Affected versions

3.*

3.0.0

3.0.0rc12

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.1.0

3.1.1

3.1.2

4.*

4.0.0

4.0.1

4.0b1

4.0b2

4.0b3

4.1.0

4.3.0

4.3.1

4.4.1

5.*

5.0.0

5.1.1

6.*

6.0.0

7.*

7.0.0

7.1.0

7.1.1