Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of offset and length inputs to the generation of a LIMIT clause was not probably cast to an integer, allowing SQL injection to take place if application developers passed unescaped user input to the DBAL QueryBuilder or any other API that ultimately uses the AbstractPlatform::modifyLimitQuery API.
References
Link | Resource |
---|---|
https://github.com/doctrine/dbal/commit/9dcfa4cb6c03250b78a84737ba7ceb82f4b7ba4d | Patch Third Party Advisory |
https://github.com/doctrine/dbal/releases | Release Notes Third Party Advisory |
https://github.com/doctrine/dbal/security/advisories/GHSA-r7cj-8hjg-x622 | Third Party Advisory |
https://www.doctrine-project.org/2021/11/11/dbal3-vulnerability-fixed.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-12-09T19:02:59
Updated: 2021-12-09T19:02:59
Reserved: 2021-11-12T00:00:00
Link: CVE-2021-43608
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-12-09T20:15:07.937
Modified: 2021-12-15T14:46:41.303
Link: CVE-2021-43608
JSON object: View
Redhat Information
No data.
CWE