=====================================================================
                             CERT-Renater

                  Information Note No. 2026/VULN106
_____________________________________________________________________

DATE                 : 02/02/2026

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running geopandas (pip) versions prior
                       to 1.1.2.

=====================================================================
https://github.com/advisories/GHSA-6497-prx7-gpmq
_____________________________________________________________________

geopandas SQL Injection Vulnerability in to_postgis() Allows
Information Disclosure

High severity
GitHub Reviewed
Published Jan 30, 2026 to the GitHub Advisory Database
Updated Feb 1, 2026

Package            : geopandas (pip)
Affected versions  : < 1.1.2
Patched versions   : 1.1.2

Description

SQL injection vulnerability in geopandas before v1.1.2 allows an
attacker to obtain sensitive information via the to_postgis()
function, which is used to write GeoDataFrames to a PostgreSQL
database.

References

    https://nvd.nist.gov/vuln/detail/CVE-2025-69662
    geopandas/geopandas#3681
    https://aydinnyunus.github.io/2025/12/27/sql-injection-geopandas
    geopandas/geopandas#3679
    geopandas/geopandas@6aa8ef1
    https://github.com/geopandas/geopandas/releases/tag/v1.1.2

Severity

High 8.6 / 10

CVSS v3 base metrics

    Attack vector       : Network
    Attack complexity   : Low
    Privileges required : None
    User interaction    : None
    Scope               : Changed
    Confidentiality     : High
    Integrity           : None
    Availability        : None

    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

EPSS score

    0.035% (10th percentile)

Weaknesses

    CWE-89
    CWE-202

CVE ID      : CVE-2025-69662
GHSA ID     : GHSA-6497-prx7-gpmq
Source code : geopandas/geopandas

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
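
An added example, not part of the advisory or of the geopandas project: a standard-library check that flags geopandas pins below the patched 1.1.2 in `pip freeze`-style lines, including pre-releases of 1.1.2. The function names and the sample input are constructed for illustration.

```python
import re

# First fixed release according to the advisory (affected: < 1.1.2).
PATCHED = (1, 1, 2)

# Matches pinned lines as emitted by `pip freeze`, e.g. "geopandas==1.0.1".
_PIN = re.compile(
    r"^\s*geopandas(?:\[[^\]]*\])?\s*==\s*(\d+(?:\.\d+)*)([^\s;#]*)",
    re.IGNORECASE,
)
# Suffixes that mark a pre-release or dev build (these sort below the release).
_PRE = re.compile(r"^[._-]?(a|b|rc|alpha|beta|dev|pre)", re.IGNORECASE)


def is_affected(release, suffix=""):
    """True if the version sorts below 1.1.2 (hypothetical helper)."""
    nums = tuple(int(p) for p in release.split("."))
    nums += (0,) * (len(PATCHED) - len(nums))
    if nums[:len(PATCHED)] == PATCHED and not any(nums[len(PATCHED):]):
        # Same release number: only pre/dev builds of 1.1.2 sort below it.
        return bool(_PRE.match(suffix))
    return nums < PATCHED


def affected_pins(lines):
    """Return (line_number, version) for every geopandas pin below 1.1.2."""
    hits = []
    for n, line in enumerate(lines, start=1):
        m = _PIN.match(line)
        if m and is_affected(m.group(1), m.group(2)):
            hits.append((n, m.group(1) + m.group(2)))
    return hits


# Constructed sample input (not taken from the advisory).
SAMPLE = """\
numpy==2.1.0
geopandas==1.0.1
GeoPandas==1.1.2rc1
geopandas==1.1.2
geopandas==1.1.2.post1
geopandas-extras==0.9
geopandas==0.14.4  # legacy env
""".splitlines()

if __name__ == "__main__":
    for n, v in affected_pins(SAMPLE):
        print(f"line {n}: geopandas {v} is below 1.1.2, upgrade")
```

Only exact `==` pins are evaluated; range specifiers such as `>=` need the resolved version from the installed environment.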