It is not a false positive: it is a critical bug that can potentially lead to data exfiltration.
The report is wrong in its version range though: only 2.8.3 is affected, while both 2.8.2 and 2.8.4 are OK.
https://github.com/FriendsOfPHP/security-advisories/pull/548

On Wed, Apr 21, 2021, 05:00 Alex Mahone <[email protected]> wrote:

> Hi, our security team used superduck to scan the code and found that the
> ORM reported a security issue, but we checked the code. Will this cause
> a security issue? If not, can we eliminate this false positive?
>
> Issue reported by Vulnerability DB:
> https://snyk.io//vuln/SNYK-PHP-DOCTRINEORM-1243727
>
> Thanks.
>
> --
> You received this message because you are subscribed to the Google Groups
> "doctrine-user" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/doctrine-user/e39e11ff-3c5a-4e70-8e53-a35150e5eec8n%40googlegroups.com
