Security Advisories - cakephp/cakephp - Packagist

cakephp/cakephp Security Advisories for 2.8.0-RC1 (3)

CakePHP might allow remote attackers to bypass CSRF protection mechanism via the _method parameter

CVE-2015-8379

Affected version: >=2.0.0-alpha,<3.1.5

Reported by:
GitHub
CakePHP allows remote attackers to spoof their IP

CVE-2016-4793

Affected version: >=3.2.0-rc1,<3.2.5|>=3.1.0-beta1,<3.1.12|>=3.0.0-rc1,<3.0.17|>=2.8.0-rc1,<2.8.2|>=2.7.0-rc1,<2.7.11|>=1.2.0,<2.6.13

Reported by:
GitHub
Cross-Site Request Forgery in CakePHP

CVE-2020-15400

Affected version: <3.10.3|>=4.0.0,<4.0.6

Reported by:
GitHub