Package: src:php-illuminate-database Version: 5.7.27-1 Severity: important Tags: security upstream
Dear Maintainer, Upstream has published a security advisory [1,2] regarding an SQL injection vulnerability when used with Microsoft SQL Server. The vulnerability was fixed upstream in version 6.20.26 and 8.40.0. Looking at the package, this vulnerability probably exists in the version that is currently in stable, too. [1] https://blog.laravel.com/security-sql-injection-in-sql-server-limit-offset [2] https://github.com/laravel/framework/security/advisories/GHSA-4mg9-vhxq-vm7j Regards, Robin
