GHSA-q79m-c546-2g63
Suggest an improvement- Source
- https://github.com/advisories/GHSA-q79m-c546-2g63
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-q79m-c546-2g63/GHSA-q79m-c546-2g63.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-q79m-c546-2g63
- Published
- 2023-01-20T23:23:26Z
- Modified
- 2024-11-29T05:40:08.569689Z
- Summary
- CakePHP vulnerable to Denial of Service attack through XML payloads
- Details
-
RequestHandlerComponent had a vulnerability that would allow well crafted requests to create a denial of service attack. RequestHandlerComponent leverages
Xml::build()which allows reading local files. We recommend that all applications using RequestHandlerComponent upgrade, or disable parsing XML payloads. - Database specific
{ "nvd_published_at": null, "cwe_ids": [], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-01-20T23:23:26Z" }- References
Affected packages
Packagist / cakephp/cakephp
Package
- Name
- cakephp/cakephp
- Purl
- pkg:composer/cakephp/cakephp
Packagist / cakephp/cakephp
Package
- Name
- cakephp/cakephp
- Purl
- pkg:composer/cakephp/cakephp
Packagist / cakephp/cakephp
Package
- Name
- cakephp/cakephp
- Purl
- pkg:composer/cakephp/cakephp
Packagist / cakephp/cakephp
Package
- Name
- cakephp/cakephp
- Purl
- pkg:composer/cakephp/cakephp
Packagist / cakephp/cakephp
Package
- Name
- cakephp/cakephp
- Purl
- pkg:composer/cakephp/cakephp
Packagist / cakephp/cakephp
Package
- Name
- cakephp/cakephp
- Purl
- pkg:composer/cakephp/cakephp
Packagist / cakephp/cakephp
Package
- Name
- cakephp/cakephp
- Purl
- pkg:composer/cakephp/cakephp
Packagist / cakephp/cakephp
Package
- Name
- cakephp/cakephp
- Purl
- pkg:composer/cakephp/cakephp