Packagist (Composer) package
doctrine/dbal
pkg:composer/doctrine/dbal
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-43608 | Cri | 9.8 | >= 3.0.0, < 3.1.4 | 3.1.4 | Dec 9, 2021 | Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of offset and length inputs to the generation of a LIMIT clause was not probably cast to an integer, allowing SQL injection to take place if application developers passed unescaped user input to the DBAL QueryBuild |
- affected >= 3.0.0, < 3.1.4fixed 3.1.4
Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of offset and length inputs to the generation of a LIMIT clause was not probably cast to an integer, allowing SQL injection to take place if application developers passed unescaped user input to the DBAL QueryBuild