{"id":"CVE-2022-38867","details":"SQL Injection vulnerability in rttys versions 4.0.0, 4.0.1, 4.0.2, and 4.4.x in api.go, allows attackers to execute arbitrary code.","aliases":["GHSA-54q4-74p3-mgcw"],"modified":"2026-03-14T11:51:48.012995Z","published":"2023-02-15T22:15:11.650Z","references":[{"type":"WEB","url":"https://github.com/zhaojh329/rttys/blob/v4.4.1/api.go#L295"},{"type":"REPORT","url":"https://github.com/zhaojh329/rttys/issues/117"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/zhaojh329/rttys","events":[{"introduced":"45486898f85f147fe3c52ce38c7f9e3066454bf0"},{"last_affected":"be2391c0e0315b0e3970e73481e42865bf71110b"}],"database_specific":{"versions":[{"introduced":"4.0.0"},{"last_affected":"4.0.2"}]}}],"versions":["v4.0.0","v4.0.1","v4.0.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-38867.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}