CVE-2016-4793

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2016-4793

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-4793.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-4793

Aliases

GHSA-j8p3-8m69-2hqq

Downstream

DEBIAN-CVE-2016-4793

DLA-835-1

UBUNTU-CVE-2016-4793

Published

2017-01-23T21:59:01.580Z

Modified

2026-04-10T03:51:31.002561Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.

References

Affected packages

Git / github.com/cakephp/cakephp

Affected ranges

Type

GIT

Repo

https://github.com/cakephp/cakephp

Events

Introduced

Last affected

e4ee4f82cdf28e0bb941ca0ef6f7875ad8151995

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.4"
        }
    ]
}

Affected versions

1.*

1.2.0

1.2.1

1.3-dev

1.3.0-RC1

1.3.0-RC2

1.3.0-alpha

1.3.0-beta

2.*

2.0.0-RC1

2.0.0-alpha

2.0.0-beta

2.0.0-dev

2.1.0

2.1.0-RC

2.1.0-alpha

2.1.0-beta

2.2.0-RC1

2.2.0-beta

3.*

3.0.0

3.0.0-RC1

3.0.0-RC2

3.0.0-alpha1

3.0.0-alpha2

3.0.0-beta1

3.0.0-beta2

3.0.0-beta3

3.0.0-dev1

3.0.0-dev2

3.0.0-dev3

3.0.1

3.0.10

3.0.11

3.0.12

3.0.13

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.0.9

3.1.0

3.1.1

3.1.2

3.1.3

3.1.4

3.1.5

3.1.6

3.1.7

3.1.8

3.1.9

3.2.0

3.2.1

3.2.2

3.2.3

3.2.4

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-4793.json"