CVE-2022-29498

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in gem/blazer

Identifiers

GHSA-qf9q-q4hh-qph3, CVE-2022-29498

Package Slug

gem/blazer

Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Description

Blazer before 2.6.0 allows SQL Injection. In certain circumstances, an attacker could get a user to run a query they would not have normally run.

Affected Versions

All versions before 2.6.0

Solution

Upgrade to version 2.6.0 or above.

Last Modified

2022-05-01

source