EPSS Percentile: 47.2%
Pivotal Concourse version 5.0.0 contains an API that is vulnerable to SQL injection. A Concourse resource can craft a version identifier that carries a SQL injection payload to the Concourse server, allowing the attacker to read privileged data.
github.com/concourse/concourse/blob/master/release-notes/v5.0.1.md#v501-note-1
github.com/concourse/concourse/commit/dc3d15ab6c3a69890c9985f9c875d4c2949be727
nvd.nist.gov/vuln/detail/CVE-2019-3792
pivotal.io/security/cve-2019-3792