CVE-2022-29498: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

April 22, 2022 (updated April 29, 2022)

Blazer before 2.6.0 allows SQL Injection. In certain circumstances, an attacker could get a user to run a query they would not have normally run.

References

github.com/advisories/GHSA-qf9q-q4hh-qph3
github.com/ankane/blazer/issues/392
nvd.nist.gov/vuln/detail/CVE-2022-29498

Code Behaviors & Features

Detect and mitigate CVE-2022-29498 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →