CVE-2022-41892: 
Python vulnerability analysis and mitigation

The vulnerability CVE-2022-41892 affects Arches, an open-source data management platform, in versions <=6.1.1, 6.2.0, >=7.0.0, and <=7.1.1. The vulnerability was discovered and reported by GHSL team member @sylwia-budzynska and was disclosed on December 16, 2022. This security flaw involves multiple blind SQL injection vulnerabilities that could allow attackers to query the underlying database (GitHub Advisory, GitHub SecurityLab).

The vulnerability consists of three distinct blind SQL injection issues (GHSL-2022-070, GHSL-2022-071, and GHSL-2022-072) affecting different endpoints in the Arches platform. These vulnerabilities allow attackers to inject arbitrary SQL queries through various parameters including the 'paged_dropdown', 'get_child_edges', and 'get_e55_domain' endpoints. The attacks utilize time-based blind SQL injection techniques, where attackers can infer query results based on response timing (GitHub SecurityLab).

The vulnerability may lead to information disclosure and the ability to execute SELECT queries on the database. With a carefully crafted web request, attackers can execute unwanted SQL statements against the database, potentially compromising data confidentiality and integrity (GitHub Advisory).

The vulnerability has been patched in versions 6.1.2, 6.2.1, and 7.2.0. Users are strongly urged to upgrade to the most recent relevant patch version as there are no workarounds available (GitHub Advisory).