{"url":"http://public2.vulnerablecode.io/api/packages/388432?format=json","purl":"pkg:composer/cakephp/cakephp@2.7.0-stable","type":"composer","namespace":"cakephp","name":"cakephp","version":"2.7.0-stable","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.10.3","latest_non_vulnerable_version":"5.3.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361619?format=json","vulnerability_id":"VCID-pndg-eaey-2ydk","summary":"Potential direct access to prefixed actions\nUnconventional URL paths would allow direct access to prefixed actions without setting the correct request parameters. If your authorization depends on the presence of the prefix routing key you should upgrade as soon as possible.","references":[{"reference_url":"http://bakery.cakephp.org/2015/08/06/cakephp_2_5_9_2_6_10_2_7_2_released.html","reference_id":"","reference_type":"","scores":[],"url":"http://bakery.cakephp.org/2015/08/06/cakephp_2_5_9_2_6_10_2_7_2_released.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379902?format=json","purl":"pkg:composer/cakephp/cakephp@2.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-251n-1k53-57dd"},{"vulnerability":"VCID-3cx6-dpsf-xkhw"},{"vulnerability":"VCID-74cw-ufme-5yfh"},{"vulnerability":"VCID-nsq5-7j7c-hbak"},{"vulnerability":"VCID-pjc3-66nj-mqe6"},{"vulnerability":"VCID-yrzx-r3q3-43ej"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.7.2"},{"url":"http://public2.vulnerablecode.io/api/packages/404353?format=json","purl":"pkg:composer/cakephp/cakephp@3.0.0-RC1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-251n-1k53-57dd"},{"vulnerability":"VCID-3cx6-dpsf-xkhw"},{"vulnerability":"VCID-74cw-ufme-5yfh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.0.0-RC1"}],"aliases":["GMS-2015-17"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pndg-eaey-2ydk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361618?format=json","vulnerability_id":"VCID-ufhs-run3-kqag","summary":"Unreliable data validation\nThere's a flow in Validation::compare() and Validation::range() that makes possible to pass validation criteria using crafted data.","references":[{"reference_url":"http://bakery.cakephp.org/2015/08/06/cakephp_2_5_9_2_6_10_2_7_2_released.html","reference_id":"","reference_type":"","scores":[],"url":"http://bakery.cakephp.org/2015/08/06/cakephp_2_5_9_2_6_10_2_7_2_released.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379902?format=json","purl":"pkg:composer/cakephp/cakephp@2.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-251n-1k53-57dd"},{"vulnerability":"VCID-3cx6-dpsf-xkhw"},{"vulnerability":"VCID-74cw-ufme-5yfh"},{"vulnerability":"VCID-nsq5-7j7c-hbak"},{"vulnerability":"VCID-pjc3-66nj-mqe6"},{"vulnerability":"VCID-yrzx-r3q3-43ej"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.7.2"},{"url":"http://public2.vulnerablecode.io/api/packages/404353?format=json","purl":"pkg:composer/cakephp/cakephp@3.0.0-RC1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-251n-1k53-57dd"},{"vulnerability":"VCID-3cx6-dpsf-xkhw"},{"vulnerability":"VCID-74cw-ufme-5yfh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.0.0-RC1"}],"aliases":["GMS-2015-18"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ufhs-run3-kqag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361657?format=json","vulnerability_id":"VCID-yrzx-r3q3-43ej","summary":"Unsafe view template filenames result in a Remote File Inclusion vulnerability.","references":[{"reference_url":"http://bakery.cakephp.org/2015/11/05/cakephp_3015_314_2612_276_released.html","reference_id":"","reference_type":"","scores":[],"url":"http://bakery.cakephp.org/2015/11/05/cakephp_3015_314_2612_276_released.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379894?format=json","purl":"pkg:composer/cakephp/cakephp@2.7.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-251n-1k53-57dd"},{"vulnerability":"VCID-3cx6-dpsf-xkhw"},{"vulnerability":"VCID-74cw-ufme-5yfh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.7.6"},{"url":"http://public2.vulnerablecode.io/api/packages/404353?format=json","purl":"pkg:composer/cakephp/cakephp@3.0.0-RC1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-251n-1k53-57dd"},{"vulnerability":"VCID-3cx6-dpsf-xkhw"},{"vulnerability":"VCID-74cw-ufme-5yfh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.0.0-RC1"},{"url":"http://public2.vulnerablecode.io/api/packages/379895?format=json","purl":"pkg:composer/cakephp/cakephp@3.0.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-251n-1k53-57dd"},{"vulnerability":"VCID-3cx6-dpsf-xkhw"},{"vulnerability":"VCID-74cw-ufme-5yfh"},{"vulnerability":"VCID-9fz7-k62h-eydd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.0.15"},{"url":"http://public2.vulnerablecode.io/api/packages/405396?format=json","purl":"pkg:composer/cakephp/cakephp@3.1.0-RC1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-251n-1k53-57dd"},{"vulnerability":"VCID-3cx6-dpsf-xkhw"},{"vulnerability":"VCID-74cw-ufme-5yfh"},{"vulnerability":"VCID-9fz7-k62h-eydd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.1.0-RC1"},{"url":"http://public2.vulnerablecode.io/api/packages/379896?format=json","purl":"pkg:composer/cakephp/cakephp@3.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-251n-1k53-57dd"},{"vulnerability":"VCID-3cx6-dpsf-xkhw"},{"vulnerability":"VCID-74cw-ufme-5yfh"},{"vulnerability":"VCID-9fz7-k62h-eydd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.1.4"}],"aliases":["GMS-2015-41"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yrzx-r3q3-43ej"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.7.0-stable"}