Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Advisories: GSA_kwCzR0hTQS1qOXEyLWY5cTctamhncc4AAxG9

CakePHP SecurityComponent cross form submission issue

Prior to versions 2.4.8 and 1.3.18, forms secured by SecurityComponent could be submitted to any action without triggering SecurityComponent’s tampering protection. If an application contained multiple POST forms to manipulate the same models, it could be vulnerable to mass assignment issues.

Permalink: https://github.com/advisories/GHSA-j9q2-f9q7-jhgq

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 8 days ago
Updated: 8 days ago

Identifiers: GHSA-j9q2-f9q7-jhgq

Affected Packages

packagist:cakephp/cakephp
Versions: >= 1.3.0, < 1.3.18; >= 2.0.0, < 2.4.8
Fixed in: 1.3.18, 2.4.8