2035267 – (CVE-2021-43608) CVE-2021-43608 php-doctrine-dbal: SQL Injection

Bug 2035267 (CVE-2021-43608) - CVE-2021-43608 php-doctrine-dbal: SQL Injection

Summary: CVE-2021-43608 php-doctrine-dbal: SQL Injection

Keywords:
Status:	NEW
Alias:	CVE-2021-43608
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2035268 2035269
Blocks:
TreeView+	depends on / blocked

Reported:	2021-12-23 12:34 UTC by Marian Rehak
Modified:	2023-07-07 08:30 UTC (History)
CC List:	3 users (show)
Fixed In Version:	php-doctrine-dbal 3.1.4
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Marian Rehak 2021-12-23 12:34:53 UTC

The escaping of offset and length inputs to the generation of a LIMIT clause was not probably cast to an integer, allowing SQL injection to take place if application developers passed unescaped user input to the DBAL QueryBuilder or any other API that ultimately uses the AbstractPlatform::modifyLimitQuery API.

Upstream Reference:

https://github.com/doctrine/dbal/security/advisories/GHSA-r7cj-8hjg-x622
https://github.com/doctrine/dbal/releases

Comment 1 Marian Rehak 2021-12-23 12:35:10 UTC

Created php-doctrine-dbal tracking bugs for this issue:

Affects: epel-7 [bug 2035269]
Affects: fedora-all [bug 2035268]

Note You need to log in before you can comment on or make changes to this bug.