Description
geopandas SQL Injection Vulnerability in to_postgis() Allows Information Disclosure
A SQL injection vulnerability in geopandas before v1.1.2 allows an attacker to obtain sensitive information via the `to_postgis()` function, which is used to write GeoDataFrames to a PostgreSQL database.
References
- https://nvd.nist.gov/vuln/detail/CVE-2025-69662
- https://github.com/geopandas/geopandas/issues/3679
- https://github.com/geopandas/geopandas/pull/3681
- https://github.com/geopandas/geopandas/commit/6aa8ef14ffdee4ba1044349ab948e1a1fbfaf419
- https://aydinnyunus.github.io/2025/12/27/sql-injection-geopandas
- https://github.com/geopandas/geopandas/releases/tag/v1.1.2
Packages
- geopandas: affected versions < 1.1.2; fixed in 1.1.2