Description
Doctrine DBAL SQL injection possibility
Identifier quoting in Doctrine DBAL has a potential security problem when user input is passed into the quoting function, which defeats the security purpose of this functionality. If you use AbstractPlatform::quoteIdentifier() or Doctrine::quoteIdentifier(), please upgrade immediately. The ORM itself does not use identifier quoting in combination with user input; however, we still urge everyone to update to the latest version of DBAL.
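As an added example (not code from Doctrine or from this advisory): one way to keep request data away from identifier quoting is to resolve it against a fixed allow-list first. The class, function, table and column names are hypothetical, the closure is a stand-in for the platform's quoteIdentifier() so the script runs without DBAL, and PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

// Added example, not Doctrine code. All names below are hypothetical.
final class SortColumnResolver
{
    /** @param array<string,string> $allowed public sort key => real column name */
    public function __construct(private array $allowed, private string $default)
    {
        if (!in_array($default, $allowed, true)) {
            throw new InvalidArgumentException('default must be an allowed column');
        }
    }

    /** Returns a column name that was written in the source, never the raw input. */
    public function resolve(mixed $userKey): string
    {
        // Arrays (?sort[]=x), null and unknown keys all fall back to the default.
        if (!is_string($userKey) || !array_key_exists($userKey, $this->allowed)) {
            return $this->default;
        }
        return $this->allowed[$userKey];
    }
}

function buildListQuery(SortColumnResolver $resolver, callable $quote, mixed $sort, mixed $dir): string
{
    $column = $resolver->resolve($sort);
    // Direction is a keyword, not an identifier: choose between two literals.
    $direction = (is_string($dir) && strtoupper($dir) === 'DESC') ? 'DESC' : 'ASC';
    return sprintf('SELECT id, display_name FROM users ORDER BY %s %s', $quote($column), $direction);
}

// Stand-in so the script runs without DBAL; in an application this would be
// the platform's quoteIdentifier() from a fixed release. Plain wrapping is
// acceptable here only because every value it receives is allow-listed.
$quote = static fn (string $id): string => '"' . $id . '"';

$resolver = new SortColumnResolver(
    ['name' => 'display_name', 'joined' => 'created_at'],
    'created_at'
);

// Constructed request values: a valid key, a column that is not exposed, an array.
$requests = [['name', 'desc'], ['password_hash', 'asc'], [['x'], null]];
foreach ($requests as [$sort, $dir]) {
    echo buildListQuery($resolver, $quote, $sort, $dir), PHP_EOL;
}
```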
Packages
Name: doctrine/dbal (composer)
Affected versions: >= 2.0.0, < 2.0.8
Fixed version: 2.0.8

Name: doctrine/dbal (composer)
Affected versions: >= 2.1.0, < 2.1.2
Fixed version: 2.1.2
CVSS3: 8.1 High