CVE-2020-7981

sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data.
Configurations

Configuration 1

cpe:2.3:a:rubygeocoder:geocoder:*:*:*:*:*:*:*:*

Information

Published : 2020-01-25 08:15

Updated : 2020-01-27 06:59


NVD link : CVE-2020-7981

Mitre link : CVE-2020-7981

Products Affected
No products.
CWE