FriendsOfPHP/security-advisories

Multiple SQL injection vulnerabilities in the Doctrine\DBAL

onlinesid opened this issue · 1 comments

Any reason the 1.x isn't included?

In security-advisories/doctrine/dbal/2011-09-25.yaml

title: SQL injection possibility
link: https://www.doctrine-project.org/blog/dbal-security-2011-1.html
cve: ~
branches:
    2.0.x:
        time: 2011-08-29 22:36:11
        versions: ['>=2.0.0', '<2.0.8']
    2.1.x:
        time: 2011-08-29 22:36:11
        versions: ['>=2.1.0', '<2.1.2']
reference: composer://doctrine/dbal

But in NVD the description says this:

Multiple SQL injection vulnerabilities in the Doctrine\DBAL\Platforms\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset field.

There is no DBAL 1.x