| Release | Version |
|---|---|
| jessie | 1.3.15-2 |
| stretch | 2.8.5-1 |
| buster | 2.10.11-2 |
| bullseye | 2.10.11-2.1 |
| Bug | jessie | stretch | buster | bullseye | Description |
|---|---|---|---|---|---|
| TEMP-0832283-698CF7 | vulnerable (no DSA) | fixed | fixed | fixed | cakephp: XML class SSRF vulnerability |
| CVE-2020-15400 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | CakePHP before 4.0.6 mishandles CSRF token generation. This might be r ... |
| CVE-2016-4793 | vulnerable (no DSA) | fixed | fixed | fixed | The clientIp function in CakePHP 3.2.4 and earlier allows remote attac ... |
| CVE-2015-8379 | vulnerable (no DSA) | fixed | fixed | fixed | CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypas ... |
| Bug | Description |
|---|---|
| TEMP-0000000-CFFE57 | cakephp: local file inclusion |
| CVE-2020-35239 | A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The Cs ... |
| CVE-2019-11458 | An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserial ... |
| CVE-2012-4399 | The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 all ... |
| CVE-2010-4335 | The _validatePost function in libs/controller/components/security.php ... |
| CVE-2006-5031 | Directory traversal vulnerability in app/webroot/js/vendors.php in Cak ... |
| CVE-2006-4067 | Cross-site scripting (XSS) vulnerability in cake/libs/error.php in Cak ... |
| DSA / DLA | Description |
|---|---|
| DLA-835-1 | cakephp - security update |
| DLA-566-1 | cakephp - security update |
| DLA-333-1 | cakephp - security update |