cakephp/cakephp vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the cakephp/cakephp package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • M
Cross-site Request Forgery (CSRF)

>=4.0.0, <4.0.10>=4.1.0, <4.1.4
  • H
Cross-site Request Forgery (CSRF)

>=2.0.0-alpha, <3.1.5
  • M
XML External Entity (XXE) Injection

>=2.1.0-alpha, <2.1.5>=2.2.0-beta, <2.2.1
  • M
Access Control Bypass

>=2.0.0, <2.0.99>=2.1.0, <2.1.99>=2.2.0, <2.2.99>=2.3.0, <2.3.99>=2.4.0, <2.4.99>=2.5.0, <2.5.9>=2.6.0, <2.6.11>=2.7.0, <2.7.2
  • M
PHP Remote File Inclusion

>=2.0.0, <2.0.99>=2.1.0, <2.1.99>=2.2.0, <2.2.99>=2.3.0, <2.3.99>=2.4.0, <2.4.99>=2.5.0, <2.5.99>=2.6.0, <2.6.12>=2.7.0, <2.7.6>=3.0.0, <3.0.15>=3.1.0, <3.1.4
  • M
Cross-site Scripting (XSS)

>=3.4.0, <3.4.14>=3.6.0, <3.6.4>=3.5.0, <3.5.17
  • H
SQL Injection

<4.2.12>=4.3.0-RC1, <4.3.11>=4.4.0-RC1, <4.4.10
  • H
Cross-site Request Forgery (CSRF)

<3.10.3>=4.0.0-alpha1, <4.0.6
  • M
Deserialization of Untrusted Data

>=3.6.0, <3.6.15>=3.7.0, <3.7.7>=3.0.0, <3.5.18
  • M
Cross-site Scripting (XSS)

>=3.6.0, <3.6.4>=3.4.0, <3.4.14>=3.5.0, <3.5.17
  • H
Arbitrary File Inclusion

>=2.6.0, <2.6.12>=2.7.0, <2.7.6>=3.0.0, <3.0.15>=3.1.0, <3.1.4
  • M
Access Restriction Bypass

<2.5.9>=2.6.0, <2.6.11>=2.7.0, <2.7.2
  • H
Denial of Service (DoS)

<2.6.6>=3.0.0, <3.0.6
  • M
Cross-site Request Forgery (CSRF)

>=3.0.0, <3.0.4
  • H
Cross Domain Form Submission

<1.3.18>=2.0.0, <2.4.8