SQL Injection in Geocoder

2020-06-1020:03:02

Google

osv.dev

0.002 Low

EPSS

Percentile

54.8%

JSON

sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data.

CPENameOperatorVersion
geocodereq1.2.8
geocodereq1.2.9
geocodereq1.4.9
geocodereq1.0.3
geocodereq1.3.0
geocodereq1.5.0
geocodereq1.4.1
geocodereq1.4.6
geocodereq0.9.8
geocodereq1.5.2

Name	Operator	Version
geocoder	eq	1.2.8
geocoder	eq	1.2.9
geocoder	eq	1.4.9
geocoder	eq	1.0.3
geocoder	eq	1.3.0
geocoder	eq	1.5.0
geocoder	eq	1.4.1
geocoder	eq	1.4.6
geocoder	eq	0.9.8
geocoder	eq	1.5.2