Rubygeocoder: >> Geocoder >> 0.8.5 Security Vulnerabilities
sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data.
CVSS Score
9.8
EPSS Score
0.006
Published
2020-01-25