Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Advisories: GSA_kwCzR0hTQS04MjlxLXY1ZzgtaGh4Y84AAxG6
CakePHP has incorrect Cross-Site Request Forgery validation
CsrfComponent fails to invalidate requests that are missing both the CSRF token and CSRF post data.
Permalink: https://github.com/advisories/GHSA-829q-v5g8-hhxc
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 8 days ago
Updated: 8 days ago
Identifiers: GHSA-829q-v5g8-hhxc
References:
- https://github.com/cakephp/cakephp/commit/522ed2f1fb49b00001c1ef8815a6feda790d61dd
- https://bakery.cakephp.org/2015/05/07/cakephp_3_0_4_released.html
- https://github.com/FriendsOfPHP/security-advisories/blob/master/cakephp/cakephp/2015-05-07.yaml
- https://github.com/advisories/GHSA-829q-v5g8-hhxc
Affected Packages
packagist:cakephp/cakephp
Versions: >= 3.0.0, < 3.0.4
Fixed in: 3.0.4