Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/cakephp/cakephp@3.0.4
purl pkg:composer/cakephp/cakephp@3.0.4
Next non-vulnerable version 3.10.3
Latest non-vulnerable version 5.3.1
Risk 4.0
Vulnerabilities affecting this package (9)
Vulnerability Summary Fixed by
VCID-2ggf-ncwr-tkea
Aliases:
CVE-2019-11458
GHSA-qhrx-hcm6-pmrw
3.5.18
Affected by 1 other vulnerability.
3.6.15
Affected by 1 other vulnerability.
3.7.7
Affected by 1 other vulnerability.
VCID-e42e-y1zv-4yem
Aliases:
CVE-2016-4793
GHSA-j8p3-8m69-2hqq
Improper Input Validation The `clientIp` function in CakePHP allows remote attackers to spoof their IP via the `CLIENT-IP` HTTP header.
3.0.17
Affected by 4 other vulnerabilities.
3.1.12
Affected by 3 other vulnerabilities.
3.2.5
Affected by 2 other vulnerabilities.
VCID-efhb-ed55-3fdy
Aliases:
CVE-2020-15400
GHSA-j33j-fg2g-mcv2
3.10.3
Affected by 0 other vulnerabilities.
4.0.6
Affected by 1 other vulnerability.
VCID-h378-ktx4-eufw
Aliases:
GHSA-q79m-c546-2g63
GMS-2023-71
CakePHP vulnerable to Denial of Service attack through XML payloads RequestHandlerComponent had a vulnerability that would allow well crafted requests to create a denial of service attack. RequestHandlerComponent leverages `Xml::build()` which allows reading local files. We recommend that all applications using RequestHandlerComponent upgrade, or disable parsing XML payloads.
3.0.6
Affected by 7 other vulnerabilities.
VCID-k87k-gfb3-vbab
Aliases:
GMS-2015-41
Unsafe view template filenames result in a Remote File Inclusion vulnerability.
3.0.15
Affected by 4 other vulnerabilities.
3.1.0-RC1
Affected by 4 other vulnerabilities.
3.1.4
Affected by 4 other vulnerabilities.
VCID-suka-xj97-1ya2
Aliases:
GMS-2015-62
Uncontrolled Resource Consumption Denial of Service attack through XML payloads
3.0.6
Affected by 7 other vulnerabilities.
VCID-tvvp-39ps-sqab
Aliases:
GHSA-p76f-wr22-4rv6
GMS-2023-70
CakePHP vulnerable to Remote File Inclusion through View template name manipulation CakePHP 2.x prior to 2.0.99, 2.1.99, 2.2.99, 2.3.99, 2.4.99, 2.5.99, 2.6.12, and 2.7.6 and 3.x prior to 3.0.15 and 3.1.4 is vulnerable to Remote File Inclusion through View template name manipulation.
3.0.15
Affected by 4 other vulnerabilities.
3.1.4
Affected by 4 other vulnerabilities.
VCID-tyh8-9qqj-tfdt
Aliases:
GMS-2015-64
PHP Remote File Inclusion Remote File Inclusion through View template name manipulation.
3.0.15
Affected by 4 other vulnerabilities.
3.1.0-RC1
Affected by 4 other vulnerabilities.
3.1.4
Affected by 4 other vulnerabilities.
VCID-yq27-7v6m-5bc5
Aliases:
CVE-2015-8379
GHSA-556q-h4vr-pgh2
Cross-Site Request Forgery (CSRF) CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.
3.1.5
Affected by 3 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-aqdf-npt1-5fa9 Cross-Site Request Forgery (CSRF) Incorrect CSRF validation in cakephp. GMS-2015-61
VCID-q8vy-uanb-rfbc Cross-Site Request Forgery (CSRF) in cakephp/cakephp. GHSA-829q-v5g8-hhxc
GMS-2023-68

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-01T07:15:58.493253+00:00 GitLab Importer Affected by VCID-tvvp-39ps-sqab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2023-70.yml 38.6.0
2026-06-01T07:15:56.818178+00:00 GitLab Importer Affected by VCID-h378-ktx4-eufw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2023-71.yml 38.6.0
2026-06-01T06:43:10.610273+00:00 GitLab Importer Affected by VCID-yq27-7v6m-5bc5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/CVE-2015-8379.yml 38.6.0
2026-06-01T05:49:13.197542+00:00 GitLab Importer Affected by VCID-efhb-ed55-3fdy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/CVE-2020-15400.yml 38.6.0
2026-05-31T21:34:57.322859+00:00 GHSA Importer Fixing VCID-q8vy-uanb-rfbc https://github.com/advisories/GHSA-829q-v5g8-hhxc 38.6.0
2026-05-31T11:05:47.995626+00:00 GithubOSV Importer Fixing VCID-q8vy-uanb-rfbc https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-829q-v5g8-hhxc/GHSA-829q-v5g8-hhxc.json 38.6.0
2026-05-31T10:01:03.130441+00:00 GitLab Importer Affected by VCID-2ggf-ncwr-tkea https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/CVE-2019-11458.yml 38.6.0
2026-05-31T09:37:45.486329+00:00 GitLab Importer Affected by VCID-e42e-y1zv-4yem https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/CVE-2016-4793.yml 38.6.0
2026-05-31T09:34:35.771519+00:00 GitLab Importer Affected by VCID-k87k-gfb3-vbab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2015-41.yml 38.6.0
2026-05-31T09:34:35.505355+00:00 GitLab Importer Affected by VCID-tyh8-9qqj-tfdt https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2015-64.yml 38.6.0
2026-05-31T09:34:07.394790+00:00 GitLab Importer Affected by VCID-suka-xj97-1ya2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2015-62.yml 38.6.0
2026-05-30T20:59:32.646749+00:00 GitLab Importer Fixing VCID-q8vy-uanb-rfbc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2023-68.yml 38.6.0
2026-05-30T20:52:14.707026+00:00 GitLab Importer Fixing VCID-aqdf-npt1-5fa9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2015-61.yml 38.6.0