Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Advisories: GSA_kwCzR0hTQS14d2hqLXBxY2ctOHJjcs4AAxHB

CakePHP vulnerable to Cross-site Scripting in some development error pages

CakePHP 3.4 prior to 3.4.14, 3.5 prior to 3.5.17, and 3.6 prior to 3.6.4 contain a cross-site scripting (XSS) vulnerability in the development-only missing-route and duplicate-named-route error pages.

Permalink: https://github.com/advisories/GHSA-xwhj-pqcg-8rcr

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 8 days ago
Updated: 8 days ago

Identifiers: GHSA-xwhj-pqcg-8rcr

Affected Packages

packagist:cakephp/cakephp
Versions: >= 3.6.0, < 3.6.4; >= 3.5.0, < 3.5.17; >= 3.4.0, < 3.4.14
Fixed in: 3.6.4, 3.5.17, 3.4.14