GHSA-qf9q-q4hh-qph3, CVE-2022-29498
gem/blazer
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Blazer before 2.6.0 allows SQL Injection. In certain circumstances, an attacker could get a user to run a query they would not have normally run.
All versions before 2.6.0
Upgrade to version 2.6.0 or above.
2022-05-01