See on RubyGems

blazer 2.4.3

1 security vulnerability found in version 2.4.3

SQL injection for certain queries with variables

high severity CVE-2022-29498
high severity CVE-2022-29498
Patched versions: >= 2.6.0

For some queries, specific variable values can modify the query rather than just the variable. This can occur if:

  1. the query's data source uses different escaping than the Rails database OR
  2. the query has a variable inside a string literal

Since Blazer is designed to run arbitrary queries, the impact will typically be low. Users cannot run any queries they could not have already run. However, an attacker could get a user to run a query they would not have normally run. If the data source has write permissions, this could include modifying data in some cases.

No officially reported memory leakage issues detected.

This gem version does not have any officially reported memory leaked issues.

No license issues detected.

This gem version has a license in the gemspec.

This gem version is available.

This gem version has not been yanked and is still available for usage.