SQL Injection Affecting doctrine/orm package, versions <2.8.4
Snyk CVSS
Attack Complexity
Low
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PHP-DOCTRINEORM-1243727
- published 7 Apr 2021
- disclosed 7 Apr 2021
- credit Unknown
How to fix?
Upgrade doctrine/orm
to version 2.8.4 or higher.
Overview
Affected versions of this package are vulnerable to SQL Injection. Statements in the Where
clause are not wrapped in parenthesis when or
or and
is written in lowercase.