What is the severity of CVE-2021-43608?

CVE-2021-43608 has a high severity due to the potential for SQL Injection, which can lead to unauthorized access to the database.

How do I fix CVE-2021-43608?

To fix CVE-2021-43608, upgrade the Doctrine DBAL to version 3.1.4 or later.

What versions of Doctrine DBAL are affected by CVE-2021-43608?

CVE-2021-43608 affects Doctrine DBAL versions from 3.0.0 up to, but not including, 3.1.4.

What type of vulnerability is CVE-2021-43608?

CVE-2021-43608 is classified as an SQL Injection vulnerability.

How can CVE-2021-43608 be exploited?

CVE-2021-43608 can be exploited when unescaped user input is passed to the DBAL QueryBuilder, allowing attackers to manipulate SQL queries.

Vulnerability/
CVE-2021-43608

critical

9.8

CWE

11/11/2021

9/12/2021

21/11/2024

CVE-2021-43608: SQL Injection

First published: Thu Nov 11 2021(Updated: )

Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of offset and length inputs to the generation of a LIMIT clause was not probably cast to an integer, allowing SQL injection to take place if application developers passed unescaped user input to the DBAL QueryBuilder or any other API that ultimately uses the AbstractPlatform::modifyLimitQuery API.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
composer/doctrine/dbal	>=3.0.0<3.0.99>=3.1.0<3.1.4
Doctrine-project Database Abstraction Layer	>=3.0.0<3.1.4
composer/doctrine/dbal	>=3.0.0<3.1.4	3.1.4
	>=3.0.0<3.1.4

Remedy

https://github.com/doctrine/dbal/commit/9dcfa4cb6c03250b78a84737ba7ceb82f4b7ba4d

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-43608?
CVE-2021-43608 has a high severity due to the potential for SQL Injection, which can lead to unauthorized access to the database.
How do I fix CVE-2021-43608?
To fix CVE-2021-43608, upgrade the Doctrine DBAL to version 3.1.4 or later.
What versions of Doctrine DBAL are affected by CVE-2021-43608?
CVE-2021-43608 affects Doctrine DBAL versions from 3.0.0 up to, but not including, 3.1.4.
What type of vulnerability is CVE-2021-43608?
CVE-2021-43608 is classified as an SQL Injection vulnerability.
How can CVE-2021-43608 be exploited?
CVE-2021-43608 can be exploited when unescaped user input is passed to the DBAL QueryBuilder, allowing attackers to manipulate SQL queries.

collector/friends-of-php
collector/nvd-index
agent/type
agent/first-publish-date
collector/github-advisory-latest
source/GitHub
alias/GHSA-r7cj-8hjg-x622
alias/CVE-2021-43608
agent/software-canonical-lookup
agent/severity
agent/references
agent/weakness
agent/remedy
agent/description
collector/nvd-cve
source/NVD
agent/author
collector/github-advisory
collector/mitre-cve
source/MITRE
collector/nvd-api
agent/last-modified-date
agent/softwarecombine
agent/event
agent/trending
agent/tags
agent/source
package-manager/composer
vendor/doctrine-project
canonical/doctrine-project database abstraction layer
version/doctrine-project database abstraction layer/3.0.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.