EPSS percentile: 54.7%
geocoder is vulnerable to SQL injection. The vulnerability is in sql.rb: the values of sw_lat, sw_lng, ne_lat and ne_lng are used unvalidated when within_bounding_box builds its SQL, so a caller who passes attacker-controlled values for any of these bounds can inject and execute arbitrary SQL statements. The fix is included in the v1.6.0...v1.6.1 compare linked below; applications that derive bounding-box coordinates from request parameters should upgrade and should not rely on the gem alone to validate those inputs.
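The pattern the advisory describes, shown as an added example rather than geocoder's own code: a bounding-box WHERE clause assembled by string interpolation beside a hardened version that strictly coerces the four bounds to Float before they touch the SQL text. Module, method and column names are assumptions for illustration, and the injected payload is constructed here.

```ruby
# Added example, not code from the geocoder gem. Reconstructs the vulnerable
# pattern (unvalidated bounds interpolated into SQL) and a hardened variant.
# Module, method and column names are assumptions for illustration.
module BoundingBoxSql
  # Vulnerable: each bound is dropped into the SQL as-is, so any value that
  # arrives unvalidated (e.g. straight from request params) becomes SQL.
  def self.vulnerable_within_bounding_box(sw_lat, sw_lng, ne_lat, ne_lng,
                                          lat_attr: "latitude", lon_attr: "longitude")
    "#{lat_attr} BETWEEN #{sw_lat} AND #{ne_lat} AND " \
      "#{lon_attr} BETWEEN #{sw_lng} AND #{ne_lng}"
  end

  # Hardened: Kernel#Float parses strictly and raises on anything that is not a
  # complete numeric literal, so only a float's textual form is ever interpolated.
  # String#to_f would also neutralise a payload, but silently ("-1.0; DROP" -> -1.0),
  # hiding bad input instead of rejecting it; Float() fails loudly instead.
  def self.safe_within_bounding_box(sw_lat, sw_lng, ne_lat, ne_lng,
                                    lat_attr: "latitude", lon_attr: "longitude")
    sw_lat, sw_lng, ne_lat, ne_lng = [sw_lat, sw_lng, ne_lat, ne_lng].map { |v| coerce_bound(v) }
    "#{lat_attr} BETWEEN #{sw_lat} AND #{ne_lat} AND " \
      "#{lon_attr} BETWEEN #{sw_lng} AND #{ne_lng}"
  end

  # Strict numeric coercion. Float(nil) raises TypeError and Float("abc") raises
  # ArgumentError; both are normalised to ArgumentError. "1e400" parses to
  # Infinity, which is not a valid coordinate and would not be valid SQL either,
  # so non-finite results are rejected as well.
  def self.coerce_bound(value)
    f = Float(value)
    raise ArgumentError, "bound is not finite: #{value.inspect}" unless f.finite?
    f
  rescue TypeError => e
    raise ArgumentError, "bound is not numeric: #{value.inspect} (#{e.message})"
  end

  # Convenience for callers/tests: true if the hardened builder rejects the input.
  def self.rejects?(*bounds)
    safe_within_bounding_box(*bounds)
    false
  rescue ArgumentError
    true
  end
end

if __FILE__ == $0
  # Constructed payload: closes the numeric comparison and appends a condition
  # that is always true, then comments out the rest of the clause.
  payload = "0 AND 0 OR 1=1 --"
  puts BoundingBoxSql.vulnerable_within_bounding_box(payload, "-180", "90", "180")
  puts BoundingBoxSql.safe_within_bounding_box("-33.9", "151.1", "-33.8", "151.3")
  puts "rejected: #{BoundingBoxSql.rejects?(payload, '-180', '90', '180')}"
end
```

The hardened builder still interpolates, which is acceptable only because the interpolated value is guaranteed to be the textual form of a finite Float; the same check belongs on any other column-or-value that reaches the query builder from user input, and bind parameters remain the better choice wherever the ORM or driver supports them for the clause in question.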
github.com/alexreisner/geocoder/commit/dcdc3d8675411edce3965941a2ca7c441ca48613
github.com/alexreisner/geocoder/compare/v1.6.0...v1.6.1