Blazer before 2.6.0 allows SQL Injection. In certain circumstances, an attacker could get a user to run a query they would not have normally run.Referenceshttps://github.com/ankane/blazer/issues/392
