Using JSON syntax, it is possible to craft new SQLi payloads. These payloads, since they are not commonly known, could be used to fly under the radar and bypass many security tools.
PostgreSQL >= v9.2
MySQL >= v5.7.8
SQLite >= v3.38.0
SQLServer >= v2016
SQL injection: Remote attackers can exploit SQL injection vulnerability that they used to exfiltrate users’ sessions, SSH keys, password hashes, tokens, and verification codes.
Apply the most recent upgrade or patch from the vend or disable JSON in DB.