High severity8.6NVD Advisory· Published Nov 11, 2022· Updated Jun 17, 2026
CVE-2022-41892
CVE-2022-41892
Description
Arches is a web platform for creating, managing, & visualizing geospatial data. Versions prior to 6.1.2, 6.2.1, and 7.1.2 are vulnerable to SQL Injection. With a carefully crafted web request, it's possible to execute certain unwanted sql statements against the database. This issue is fixed in version 7.12, 6.2.1, and 6.1.2. Users are recommended to upgrade as soon as possible. There are no workarounds.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
archesPyPI | < 6.1.2 | 6.1.2 |
archesPyPI | >= 6.2.0, < 6.2.1 | 6.2.1 |
archesPyPI | >= 7.0.0, < 7.2.0 | 7.2.0 |
Affected products
2- Range: <= 6.1.2
Patches
Vulnerability mechanics
References
8- github.com/archesproject/arches/security/advisories/GHSA-gmpq-xrxj-xh8mnvdPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-gmpq-xrxj-xh8mghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-41892ghsaADVISORY
- securitylab.github.com/advisories/GHSL-2022-070_GHSL-2022-072_ArchesghsaADVISORY
- github.com/archesproject/arches/commit/7ed53e23a616edf3301d95814d9d64de5e3072a9ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/arches/PYSEC-2022-42985.yamlghsaWEB
- pypi.org/project/arches/6.1.2ghsaWEB
- pypi.org/project/arches/7.2.0ghsaWEB
News mentions
0No linked articles in our index yet.