Information on source package cakephp

Available versions

| Release | Version |
|---|---|
| stretch | 2.8.5-1 |
| buster | 2.10.11-2 |
| bullseye | 2.10.11-2 |
| sid | 2.10.11-2 |

Open issues

| Bug | stretch | buster | bullseye | sid | Description |
|---|---|---|---|---|---|
| CVE-2020-15400 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | CakePHP before 4.0.6 mishandles CSRF token generation. This might be r ... |

Resolved issues

| Bug | Description |
|---|---|
| TEMP-0832283-698CF7 | cakephp: XML class SSRF vulnerability |
| TEMP-0000000-CFFE57 | cakephp: local file inclusion |
| CVE-2019-11458 | An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserial ... |
| CVE-2016-4793 | The clientIp function in CakePHP 3.2.4 and earlier allows remote attac ... |
| CVE-2015-8379 | CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypas ... |
| CVE-2012-4399 | The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 all ... |
| CVE-2010-4335 | The _validatePost function in libs/controller/components/security.php ... |
| CVE-2006-5031 | Directory traversal vulnerability in app/webroot/js/vendors.php in Cak ... |
| CVE-2006-4067 | Cross-site scripting (XSS) vulnerability in cake/libs/error.php in Cak ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DLA-835-1 | cakephp - security update |
| DLA-566-1 | cakephp - security update |
| DLA-333-1 | cakephp - security update |
