CakePHP has incorrect Cross-Site Request Forgery validation · GHSA-829q-v5g8-hhxc · GitHub Advisory Database · GitHub

CakePHP has incorrect Cross-Site Request Forgery validation

Moderate severity GitHub Reviewed Published Jan 20, 2023 to the GitHub Advisory Database • Updated Jan 20, 2023

Package

cakephp/cakephp (Composer)

Affected versions

>= 3.0.0, < 3.0.4

Patched versions

3.0.4

Description

CsrfComponent fails to invalidate requests that are missing both the CSRF token, and CSRF post data.

References

Published to the GitHub Advisory Database Jan 20, 2023

Reviewed Jan 20, 2023

Last updated Jan 20, 2023