cakephp/cakephp Security Advisories for 2.9.7 (2)
-
[HIGH] CakePHP might allow remote attackers to bypass CSRF protection mechanism via the _method parameter
PKSA-hv96-tqmc-t3j9 CVE-2015-8379 GHSA-556q-h4vr-pgh2
Affected version: >=2.0.0-alpha,<3.1.5
Reported by:
GitHub -
[MEDIUM] Cross-Site Request Forgery in CakePHP
PKSA-8jvz-y796-qyx9 CVE-2020-15400 GHSA-j33j-fg2g-mcv2
Affected version: <3.10.3|>=4.0.0,<4.0.6
Reported by:
GitHub