Blazer before 2.6.0 allows SQL Injection. In certain circumstances, an attacker could get a user to run a query they would not have normally run.
{ "nvd_published_at": "2022-04-21T05:15:00Z", "cwe_ids": [ "CWE-89" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2022-04-29T21:07:16Z" }