CVE-2022-29498
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in gem/blazer
Identifiers
GHSA-qf9q-q4hh-qph3, CVE-2022-29498
Package Slug
gem/blazer
Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description
Blazer before 2.6.0 allows SQL Injection. In certain circumstances, an attacker could get a user to run a query they would not have normally run.
Affected Versions
All versions before 2.6.0
Solution
Upgrade to version 2.6.0 or above.
Last Modified
2022-05-01
| source |