Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Blazer before 2.6.0 allows SQL Injection. In certain circumstances, an attacker could get a user to run a query they would not have normally run.
Advisories for Gem/Blazer package
2022