CVE-2019-11458
- Source
- https://cve.org/CVERecord?id=CVE-2019-11458
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11458.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-11458
- Aliases
- Published
- 2019-05-08T18:29:00.453Z
- Modified
- 2026-04-10T04:14:15.557743Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction.
- References
-
- https://bakery.cakephp.org/2019/04/23/cakephp_377_3615_3518_released.html
- https://github.com/cakephp/cakephp/releases
- https://github.com/cakephp/cakephp/commit/1a74e798309192a9895c9cedabd714ceee345f4e
- https://github.com/cakephp/cakephp/commits/master
- https://github.com/cakephp/cakephp/compare/3.7.6...3.7.7
Affected packages
Git / github.com/cakephp/cakephp
Affected versions
1.*
1.2.0
1.2.1
1.3-dev
1.3.0-RC1
1.3.0-RC2
1.3.0-alpha
1.3.0-beta
2.*
2.0.0-RC1
2.0.0-alpha
2.0.0-beta
2.0.0-dev
2.1.0
2.1.0-RC
2.1.0-alpha
2.1.0-beta
2.2.0-RC1
2.2.0-beta
3.*
3.0.0
3.0.0-RC1
3.0.0-RC2
3.0.0-alpha1
3.0.0-alpha2
3.0.0-beta1
3.0.0-beta2
3.0.0-beta3
3.0.0-dev1
3.0.0-dev2
3.0.0-dev3
3.0.1
3.0.10
3.0.11
3.0.12
3.0.13
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5
3.1.6
3.1.7
3.1.8
3.1.9
3.2.0
3.3.0-RC1
3.3.0-beta
3.3.0-beta2
3.3.0-beta3
3.4.0-RC1
3.4.0-RC2
3.4.0-RC3
3.4.0-RC4
3.4.0-beta1
3.4.0-beta2
3.4.0-beta3
3.4.0-beta4
3.5.0
3.5.0-RC1
3.5.0-RC2
3.5.1
3.5.10
3.5.11
3.5.12
3.5.13
3.5.14
3.5.15
3.5.2
3.5.3
3.5.4
3.5.5
3.5.6
3.5.7
3.5.8
3.5.9
3.6.0
3.6.1
3.6.10
3.6.11
3.6.12
3.6.13
3.6.14
3.6.2
3.6.3
3.6.4
3.6.5
3.6.6
3.6.7
3.6.8
3.6.9
3.7.0
3.7.1
3.7.2
3.7.3
3.7.4
3.7.5
3.7.6