github.com/concourse/concourse is vulnerable to SQL injection. The API does not validate and sanitize user input to the version identifier parameter, allowing a remote attacker inject and execute arbitrary SQL statements to retrieve privileged data from the database.