Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Advisories: GSA_kwCzR0hTQS1xNzltLWM1NDYtMmc2M84AAxG-

CakePHP vulnerable to Denial of Service attack through XML payloads

RequestHandlerComponent had a vulnerability that allowed well-crafted requests to cause a denial of service. RequestHandlerComponent leverages Xml::build(), which allows reading local files. We recommend that all applications using RequestHandlerComponent upgrade or disable parsing of XML payloads.

Permalink: https://github.com/advisories/GHSA-q79m-c546-2g63

Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 15 days ago
Updated: 15 days ago

Identifiers: GHSA-q79m-c546-2g63

Affected Packages

packagist:cakephp/cakephp
Versions: >= 2.6.0, < 2.6.6; >= 2.5.0, < 2.5.90; >= 2.4.0, < 2.4.99; >= 2.3.0, < 2.3.99; >= 2.2.0, < 2.2.99; >= 2.1.0, < 2.1.99; >= 2.0.0, < 2.0.99; >= 3.0.0, < 3.0.6
Fixed in: 2.6.6, 2.5.90, 2.4.99, 2.3.99, 2.2.99, 2.1.99, 2.0.99, 3.0.6