GHSA-76w8-mqx4-wjrf
Suggest an improvement- Source
- https://github.com/advisories/GHSA-76w8-mqx4-wjrf
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-76w8-mqx4-wjrf/GHSA-76w8-mqx4-wjrf.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-76w8-mqx4-wjrf
- Published
- 2024-05-15T18:42:20Z
- Modified
- 2024-05-15T18:42:20Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L CVSS Calculator
- Summary
- Doctrine DBAL SQL injection possibility
- Details
-
The identifier quoting in Doctrine DBAL has a potential security problem when user-input is passed into this function, making the security aspect of this functionality obsolete. If you make use of AbstractPlatform::quoteIdentifier() or Doctrine::quoteIdentifier() please upgrade immediately. The ORM itself does not use identifier quoting in combination with user-input, however we still urge everyone to update to the latest version of DBAL.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-05-15T18:42:20Z" }- References
Affected packages
Packagist / doctrine/dbal
Package
- Name
- doctrine/dbal
- Purl
- pkg:composer/doctrine/dbal
Packagist / doctrine/dbal
Package
- Name
- doctrine/dbal
- Purl
- pkg:composer/doctrine/dbal