High severity7.5NVD Advisory· Published Apr 21, 2022· Updated Jun 17, 2026
CVE-2022-29498
CVE-2022-29498
Description
Blazer before 2.6.0 allows SQL Injection. In certain circumstances, an attacker could get a user to run a query they would not have normally run.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
blazerRubyGems | < 2.6.0 | 2.6.0 |
Affected products
2- Blazer/Blazerdescription
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-qf9q-q4hh-qph3ghsaADVISORY
- github.com/ankane/blazer/issues/392nvdMitigationThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2022-29498ghsaADVISORY
- github.com/ankane/blazer/commit/f49fbfed7b9e406a69eb78c463c3aa5d35006d8d%22ghsaWEB
- github.com/ankane/blazer/issues/391ghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/blazer/CVE-2022-29498.ymlghsaWEB
News mentions
0No linked articles in our index yet.