PT-2021-23888 · Unknown · Doctrine Dbal
Beberlei · Published 2021-11-16 · Updated 2021-12-15 · CVE-2021-43608
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Doctrine DBAL versions 3.x before 3.1.4
Description
The issue allows SQL injection because the offset and length inputs are not properly cast to integers when the LIMIT clause is generated. This can occur if application developers pass unescaped user input to the DBAL QueryBuilder or to any other API that uses the AbstractPlatform::modifyLimitQuery API.
Recommendations
For Doctrine DBAL versions 3.x before 3.1.4, update to version 3.1.4 or later to resolve the issue. As a temporary workaround, consider validating and sanitizing user input before passing it to the DBAL QueryBuilder or other affected APIs to minimize the risk of SQL injection.
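One way to apply the temporary workaround is to force offset and length into bounded integers before they reach the query builder. This is an added example, not code from Doctrine DBAL or from the advisory; the helper name parsePageParam, the bounds and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not part of Doctrine DBAL): turn a raw request value
 * into a bounded integer, or throw. Anything that is not a plain decimal
 * integer within [$min, $max] is rejected rather than coerced.
 */
function parsePageParam($raw, int $default, int $min, int $max): int
{
    if ($raw === null || $raw === '') {
        return $default;                      // parameter absent: use default
    }
    if (!is_string($raw) && !is_int($raw)) {  // e.g. ?limit[]=1 arrives as an array
        throw new InvalidArgumentException('pagination value must be an integer');
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    if ($value === false) {
        throw new InvalidArgumentException('pagination value must be an integer');
    }
    return $value;                            // a real PHP int, never a string
}

// Constructed sample inputs, as they might arrive in a query string.
$samples = ['25', '0', '-1', '1e3', '10; --', ['1'], '999999', null];

foreach ($samples as $raw) {
    try {
        $limit = parsePageParam($raw, 20, 1, 100);
        echo json_encode($raw), ' => accepted as int ', $limit, PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo json_encode($raw), ' => rejected', PHP_EOL;
    }
}

// In application code the validated integers are then handed to DBAL, e.g.:
//   $offset = parsePageParam($_GET['offset'] ?? null, 0, 0, 100000);
//   $limit  = parsePageParam($_GET['limit']  ?? null, 20, 1, 100);
//   $qb->setFirstResult($offset)->setMaxResults($limit);
```

Validation of this kind only reduces exposure on affected 3.x releases; updating to 3.1.4 or later remains the fix.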
Exploit
Fix
SQL injection
Affected Products
Doctrine Dbal