Advisories for Composer/Doctrine/Orm package

2024

Doctrine SQL injection vulnerability

Doctrine is prone to a SQL injection vulnerability. Users of Doctrine 1.2 and 2 should update to the newly released versions of both libraries immediately. Both releases contain only the security fix and no other changes relative to the previous versions 1.2.3 and 2.0.2. Affected versions are: 1.2.3 and earlier for PostgreSQL and DB2 Dialects; 2.0.2 and earlier. The security issue was found to affect the Doctrine\DBAL\Platforms\AbstractPlatform::modifyLimitQuery() function which does not cast …

2016
2011

SQL Injection in doctrine orm

Multiple SQL injection vulnerabilities in the Doctrine\DBAL\Platforms\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset field.