CVE-2021-43608
Doctrine DBAL 3.x before 3.1.4 is affected by a SQL injection in the LIMIT clause generation. The root cause is that offset and length inputs used to build LIMIT are not reliably cast to integers, which allows injection when unescaped user input is passed to the DBAL QueryBuilder or APIs that cal...