github.com/concourse/concourse is vulnerable to SQL injection. The API does not validate and sanitize user input to the version identifier parameter, allowing a remote attacker inject and execute arbitrary SQL statements to retrieve privileged data from the database.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/concourse/concourse | eq | HEAD | |
github.com/concourse/concourse | eq | 5.0.0 |