VYPR

Packagist (Composer) package

doctrine/dbal

pkg:composer/doctrine/dbal

Vulnerabilities (1)

  • CVE-2021-43608CriDec 9, 2021
    affected >= 3.0.0, < 3.1.4fixed 3.1.4

    Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of offset and length inputs to the generation of a LIMIT clause was not probably cast to an integer, allowing SQL injection to take place if application developers passed unescaped user input to the DBAL QueryBuild