Tag
A SQL injection vulnerability exists in SciTokens versions before 1.9.6, allowing attackers to execute arbitrary SQL commands via the KeyCache class by manipulating user-supplied data used in SQL query construction.