Redmine · Redmine · CVE-2019-18890
**Name of the Vulnerable Software and Affected Versions**
Redmine versions 3.2.9 and prior, 3.3.x through 3.3.9
**Description**
A SQL injection issue allows users to access protected information via a crafted object query. The flaw stems from missing protection of the SQL query structure, and a remote attacker can exploit it to gain unauthorized access to protected information.
**Recommendations**
For Redmine versions 3.2.9 and prior, update to version 3.3.10 or later.
For Redmine versions 3.3.x through 3.3.9, update to version 3.3.10 or later.
As a temporary workaround, consider restricting access to sensitive data and queries until a patch is applied.
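To apply the recommendations across several installations, the following added example (not part of the original advisory or of Redmine's code) triages version strings against the affected ranges listed above. The host names, the inventory and the `.stable` suffix handling are assumptions; the comparison is numeric because a plain string comparison would sort "3.3.10" below "3.3.9".

```ruby
require "rubygems"

# Ranges taken from the advisory text above.
OLD_BRANCH_MAX = Gem::Version.new("3.2.9")   # "3.2.9 and prior"
R33_MIN        = Gem::Version.new("3.3.0")   # "3.3.x through 3.3.9"
R33_MAX        = Gem::Version.new("3.3.9")
UPGRADE_TARGET = "3.3.10"                    # "update to version 3.3.10 or later"

# Assumption: reported versions may carry a branch suffix such as ".stable".
# Gem::Version treats a letter segment as a prerelease, so "3.3.10.stable"
# would sort below "3.3.10"; keep only the leading numeric components.
def parse_redmine_version(raw)
  m = raw.to_s.strip.match(/\A(\d+)\.(\d+)(?:\.(\d+))?/)
  return nil unless m
  Gem::Version.new([m[1], m[2], m[3] || "0"].join("."))
end

# Returns :affected, :not_listed (outside the advisory's ranges) or :unknown.
def triage(raw)
  v = parse_redmine_version(raw)
  return :unknown if v.nil?
  return :affected if v <= OLD_BRANCH_MAX
  return :affected if v >= R33_MIN && v <= R33_MAX
  :not_listed
end

# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = {
  "tracker-a" => "3.2.9.stable",
  "tracker-b" => "3.3.9",
  "tracker-c" => "3.3.10.stable",
  "tracker-d" => "not reported"
}.freeze

def report(inventory)
  inventory.map { |host, raw| [host, triage(raw)] }.to_h
end

if __FILE__ == $PROGRAM_NAME
  report(INVENTORY).each do |host, status|
    action = status == :affected ? "update to #{UPGRADE_TARGET} or later" : "-"
    puts format("%-10s %-12s %s", host, status, action)
  end
end
```

Hosts reported as `:unknown` need a manual version check before they can be ruled out.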