CVE-2023-30556
- Source
- https://cve.org/CVERecord?id=CVE-2023-30556
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-30556.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-30556
- Aliases
-
- GHSA-6pv9-9gq7-hr68
- Published
- 2023-04-18T22:35:38.243Z
- Modified
- 2026-04-10T04:57:22.827253Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- SQL injection in sql_optimize.py optimize_sqltuningadvisor method in Archery - GHSL-2022-107
- Details
-
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the
optimize_sqltuningadvisormethod ofsql_optimize.py. User input coming from thedb_nameparameter value insql_optimize.pyis passed to thesqltuningadvisormethod inoracle.pyfor execution. To mitigate escape the variables accepted via user input when used insql_optimize.py. Users may also use prepared statements when dealing with SQL as a mitigation for this issue. This issue is also indexed asGHSL-2022-107. - Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-89" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/30xxx/CVE-2023-30556.json" }- References
Affected packages
Git / github.com/hhyo/archery
Affected versions
v1.*
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.1.4
v1.1.5
v1.1.7
v1.2.0Beta
v1.2.0Beta2
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.3.8
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.4.5
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.6.7
v1.7.0
v1.7.1
v1.7.10
v1.7.11
v1.7.12
v1.7.13
v1.7.2
v1.7.3
v1.7.4
v1.7.5
v1.7.6
v1.7.7
v1.7.8
v1.7.9
v1.8.0
v1.8.1
v1.8.2
v1.8.3
v1.8.4
v1.8.5
v1.9.0