Security Advisories - cakephp/cakephp - Packagist

cakephp/cakephp Security Advisories for 3.0.16 (4)

[HIGH] CakePHP might allow remote attackers to bypass CSRF protection mechanism via the _method parameter

PKSA-hv96-tqmc-t3j9 CVE-2015-8379 GHSA-556q-h4vr-pgh2

Affected version: >=2.0.0-alpha,<3.1.5

Reported by:
GitHub
[HIGH] CakePHP allows remote attackers to spoof their IP

PKSA-22c4-k52d-35hx CVE-2016-4793 GHSA-j8p3-8m69-2hqq

Affected version: >=3.2.0-rc1,<3.2.5|>=3.1.0-beta1,<3.1.12|>=3.0.0-rc1,<3.0.17|>=2.8.0-rc1,<2.8.2|>=2.7.0-rc1,<2.7.11|>=1.2.0,<2.6.13

Reported by:
GitHub
[MEDIUM] Cross-Site Request Forgery in CakePHP

PKSA-8jvz-y796-qyx9 CVE-2020-15400 GHSA-j33j-fg2g-mcv2

Affected version: <3.10.3|>=4.0.0,<4.0.6

Reported by:
GitHub
[HIGH] Unsafe deserialization in SmtpTransport

PKSA-yzfm-z92t-1mxd CVE-2019-11458 GHSA-qhrx-hcm6-pmrw

Affected version: >=3.0.0,<3.5.18|>=3.6.0,<3.6.15|>=3.7.0,<3.7.7

Reported by:
FriendsOfPHP/security-advisories, GitHub