Apache Age is vulnerable to SQL Injection attacks. A specifically crafted attack statement through the cypher
function allows a malicious user to inject and execute arbitrary SQL queries on the target system due to the failure to fully utilize parameterization. This only impacts PostgreSQL 11 and 12, and to fully patch you must upgrade the Age extension to >= 1.2.0.