Unknown · Zenstruck/Collections · CVE-2023-37473
**Name of the Vulnerable Software and Affected Versions**
zenstruck/collections versions prior to 0.2.1
**Description**
The issue arises because a callable string such as `system`, when passed as the argument, is treated as a callable and invoked by PHP. As a result, a limited subset of user input can be executed as if it were code. No estimate of the number of affected deployments is available, and there are no reports of real-world exploitation.
Technical details about exploitation include:
- Vulnerable functions: `EntityRepository::find()` and `EntityRepository::query()`
- Vulnerable parameter: the argument passed to either of those functions, when it is derived from user input
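The bug class behind this advisory, as an added illustration that is not zenstruck/collections' own code: a repository method that dispatches on `is_callable()` will accept any string naming a PHP function, because `is_callable('system')` is `true`. The `VulnerableRepository` and `HardenedRepository` classes below are hypothetical, and the harmless `gettype` function stands in for `system` so the script can be run safely.

```php
<?php
declare(strict_types=1);

// Hypothetical repository modelled on the vulnerable pattern (not the library's code).
final class VulnerableRepository
{
    /** @param mixed $specification identifier or callback supplied by the caller */
    public function find($specification): string
    {
        // is_callable() is true for plain strings that name a function, so a
        // user-supplied "system" (or any other function name) is invoked here.
        if (\is_callable($specification)) {
            return (string) $specification($this);
        }

        return "looked up id {$specification}";
    }
}

// Hypothetical hardened version: only a real Closure is ever invoked; strings
// are treated purely as identifiers and are never resolved to a function.
final class HardenedRepository
{
    /** @param \Closure|int|string $specification */
    public function find($specification): string
    {
        if ($specification instanceof \Closure) {
            return (string) $specification($this);
        }

        if (!\is_int($specification) && !\is_string($specification)) {
            throw new \InvalidArgumentException('specification must be a Closure or an identifier');
        }

        return "looked up id {$specification}";
    }
}

// Constructed "user input": a function name instead of an entity id.
$userInput = 'gettype'; // a real attacker would send "system" or similar

echo 'is_callable("system"): ', var_export(\is_callable('system'), true), PHP_EOL;

// Vulnerable: the string is executed as code; gettype($this) runs and returns "object".
echo 'vulnerable: ', (new VulnerableRepository())->find($userInput), PHP_EOL;

// Hardened: the same string is only interpolated into a lookup, never called.
echo 'hardened:   ', (new HardenedRepository())->find($userInput), PHP_EOL;

// Legitimate callers still get callback support, but must pass a Closure explicitly.
echo 'closure:    ', (new HardenedRepository())->find(fn ($repo) => 'closure ran'), PHP_EOL;
```

Run it with `php example.php`. The point of the hardened version is that the decision to treat a value as code is made by the application code that constructs a `Closure`, never by the type of a value that arrived over the wire; checking `$x instanceof \Closure` (or requiring a `callable` type with a non-string guard) is the usual fix, and `\Closure::fromCallable($userInput)` would reintroduce the problem.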
**Recommendations**
Upgrade to version 0.2.1 or later, which resolves the issue.
If upgrading is not possible, ensure that user-controlled values are never passed to `EntityRepository::find()` or `EntityRepository::query()`.