Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Advisories: GSA_kwCzR0hTQS04MjlxLXY1ZzgtaGh4Y84AAxG6

CakePHP has incorrect Cross-Site Request Forgery validation

CsrfComponent fails to invalidate requests that are missing both the CSRF token and the CSRF post data.

Permalink: https://github.com/advisories/GHSA-829q-v5g8-hhxc

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 8 days ago
Updated: 8 days ago

Identifiers: GHSA-829q-v5g8-hhxc

Affected Packages

packagist:cakephp/cakephp
Versions: >= 3.0.0, < 3.0.4
Fixed in: 3.0.4