cakephp/cakephp vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the cakephp/cakephp package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
M Cross-site Request Forgery (CSRF)	>=4.0.0, <4.0.10 >=4.1.0, <4.1.4
H Cross-site Request Forgery (CSRF)	>=2.0.0-alpha, <3.1.5
M XML External Entity (XXE) Injection	>=2.1.0-alpha, <2.1.5 >=2.2.0-beta, <2.2.1
M Access Control Bypass	>=2.0.0, <2.0.99 >=2.1.0, <2.1.99 >=2.2.0, <2.2.99 >=2.3.0, <2.3.99 >=2.4.0, <2.4.99 >=2.5.0, <2.5.9 >=2.6.0, <2.6.11 >=2.7.0, <2.7.2
M PHP Remote File Inclusion	>=2.0.0, <2.0.99 >=2.1.0, <2.1.99 >=2.2.0, <2.2.99 >=2.3.0, <2.3.99 >=2.4.0, <2.4.99 >=2.5.0, <2.5.99 >=2.6.0, <2.6.12 >=2.7.0, <2.7.6 >=3.0.0, <3.0.15 >=3.1.0, <3.1.4
M Cross-site Scripting (XSS)	>=3.4.0, <3.4.14 >=3.6.0, <3.6.4 >=3.5.0, <3.5.17
H SQL Injection	<4.2.12 >=4.3.0-RC1, <4.3.11 >=4.4.0-RC1, <4.4.10
H Cross-site Request Forgery (CSRF)	<3.10.3 >=4.0.0-alpha1, <4.0.6
M Deserialization of Untrusted Data	>=3.6.0, <3.6.15 >=3.7.0, <3.7.7 >=3.0.0, <3.5.18
M Cross-site Scripting (XSS)	>=3.6.0, <3.6.4 >=3.4.0, <3.4.14 >=3.5.0, <3.5.17
H Arbitrary File Inclusion	>=2.6.0, <2.6.12 >=2.7.0, <2.7.6 >=3.0.0, <3.0.15 >=3.1.0, <3.1.4
M Access Restriction Bypass	<2.5.9 >=2.6.0, <2.6.11 >=2.7.0, <2.7.2
H Denial of Service (DoS)	<2.6.6 >=3.0.0, <3.0.6
M Cross-site Request Forgery (CSRF)	>=3.0.0, <3.0.4
H Cross Domain Form Submission	<1.3.18 >=2.0.0, <2.4.8