5 matches found
Denial Of Service (DoS)
cakephp/cakephp is vulnerable to Denial Of Service. The vulnerability exists due to the RequestHandlerComponent that leverages Xml::build, which allows an attacker to cause an application crash by reading local files...
CakePHP vulnerable to Denial of Service attack through XML payloads
RequestHandlerComponent had a vulnerability that would allow well-crafted requests to create a denial of service attack. RequestHandlerComponent leverages Xml::build which allows reading local files. We recommend that all applications using RequestHandlerComponent upgrade, or disable parsing XML...
GHSA-Q79M-C546-2G63 CakePHP vulnerable to Denial of Service attack through XML payloads
RequestHandlerComponent had a vulnerability that would allow well-crafted requests to create a denial of service attack. RequestHandlerComponent leverages Xml::build which allows reading local files. We recommend that all applications using RequestHandlerComponent upgrade, or disable parsing XML...
Potential for Information Disclosure in Application Skeleton
The default application skeleton contained a beforeRender method on the AppController that could potentially lead to unwanted information disclosure in your application. The unsafe default code was present between 3.1.0 and 3.5.0 of the...
CakePHP 2.6.6 and 3.0.6 Released
The CakePHP core team is ready to announce the immediate availability of CakePHP 2.6.6 and 3.0.6. These are maintenance releases that contain important security fixes. Security Fixes: Earlier this week we were notified that RequestHandlerComponent had a vulnerabili...