Multiple SQL injection vulnerabilities in the Doctrine\DBAL
onlinesid opened this issue · 1 comment
Any reason the 1.x isn't included?
In security-advisories/doctrine/dbal/2011-09-25.yaml:

```yaml
title: SQL injection possibility
link: https://www.doctrine-project.org/blog/dbal-security-2011-1.html
cve: ~
branches:
    2.0.x:
        time: 2011-08-29 22:36:11
        versions: ['>=2.0.0', '<2.0.8']
    2.1.x:
        time: 2011-08-29 22:36:11
        versions: ['>=2.1.0', '<2.1.2']
reference: composer://doctrine/dbal
```

But in NVD the description says this:
Multiple SQL injection vulnerabilities in the Doctrine\DBAL\Platforms\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset field.
There is no DBAL 1.x