CNNVD-202601-5047 Information

CNNVD ID

CNNVD-202601-5047

CVE-2025-69662

  • CNNVD Published: 2026-01-30

Description

geopandas is an open-source Python tool from GeoPandas for processing geographic data. Versions of geopandas before 1.1.2 contain a security vulnerability that stems from a flaw in the to_postgis function, which may allow an attacker to obtain sensitive information when GeoDataFrames are written to a PostgreSQL database through that function.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

GeoPandas

Published

2026-01-30

Last Modified

2026-02-24

References

https://aydinnyunus.github.io/2025/12/27/sql-injection-geopandas/

https://github.com/geopandas/geopandas/pull/3681

Patch

https://github.com/geopandas/geopandas/releases
