Описание
sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | not-affected | 1.5.1-3 |
| eoan | ignored | end of life |
| esm-apps/focal | not-affected | 1.5.1-3 |
| esm-infra-legacy/trusty | DNE | |
| focal | not-affected | 1.5.1-3 |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | |
| upstream | needs-triage |
Показывать по
10
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
CVSS3: 9.8
nvd
около 6 лет назад
sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data.
CVSS3: 9.8
debian
около 6 лет назад
sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection whe ...
7.5 High
CVSS2
9.8 Critical
CVSS3