CVE-2025-69662

Опубликовано: 30 янв. 2026

Источник: debian

EPSS Низкий

Описание

SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the to_postgis()` function being used to write GeoDataFrames to a PostgreSQL database.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
python-geopandas	fixed	1.1.2-1		package

Примечания

https://aydinnyunus.github.io/2025/12/27/sql-injection-geopandas/
https://github.com/geopandas/geopandas/pull/3681
Fixed by: https://github.com/geopandas/geopandas/commit/6aa8ef14ffdee4ba1044349ab948e1a1fbfaf419 (main)
Fix backported in: https://github.com/geopandas/geopandas/commit/81214bf9f3eaba9f5fdcfd141ae8d16fa17fd860 (v1.1.2)

EPSS

Процентиль: 14%

0.00046

Низкий

Связанные уязвимости

CVE-2025-69662

CVSS3: 8.6

ubuntu

8 дней назад

SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the to_postgis()` function being used to write GeoDataFrames to a PostgreSQL database.

CVE-2025-69662

CVSS3: 8.6

nvd

8 дней назад

SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the to_postgis()` function being used to write GeoDataFrames to a PostgreSQL database.

GHSA-6497-prx7-gpmq

CVSS3: 8.6

github

8 дней назад

geopandas SQL Injection Vulnerability in to_postgis() Allows Information Disclosure

EPSS

Процентиль: 14%

0.00046

Низкий