Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/cakephp/cakephp@2.7.0-stable

Type composer

Namespace cakephp

Name cakephp

Version 2.7.0-stable

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.10.3

Latest_non_vulnerable_version 5.3.1

Affected_by_vulnerabilities

url VCID-qzjr-cpgd-uba7

vulnerability_id VCID-qzjr-cpgd-uba7

summary

Potential direct access to prefixed actions
Unconventional URL paths would allow direct access to prefixed actions without setting the correct request parameters. If your authorization depends on the presence of the prefix routing key you should upgrade as soon as possible.

references

reference_url	http://bakery.cakephp.org/2015/08/06/cakephp_2_5_9_2_6_10_2_7_2_released.html
reference_id
reference_type
scores
url	http://bakery.cakephp.org/2015/08/06/cakephp_2_5_9_2_6_10_2_7_2_released.html

fixed_packages

url pkg:composer/cakephp/cakephp@2.7.2

purl pkg:composer/cakephp/cakephp@2.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-84hg-51gr-2qhx

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-cz9h-hf83-eycy

vulnerability	VCID-f8wn-raej-7qg4

vulnerability	VCID-s536-vx42-xbhk

vulnerability	VCID-zbjb-pafr-uudq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.7.2

url pkg:composer/cakephp/cakephp@3.0.0-RC1

purl pkg:composer/cakephp/cakephp@3.0.0-RC1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-84hg-51gr-2qhx

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-f8wn-raej-7qg4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.0.0-RC1

aliases GMS-2015-17

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qzjr-cpgd-uba7

url VCID-wyxz-rb2r-zfck

vulnerability_id VCID-wyxz-rb2r-zfck

summary

Unreliable data validation
There's a flow in Validation::compare() and Validation::range() that makes possible to pass validation criteria using crafted data.

references

reference_url	http://bakery.cakephp.org/2015/08/06/cakephp_2_5_9_2_6_10_2_7_2_released.html
reference_id
reference_type
scores
url	http://bakery.cakephp.org/2015/08/06/cakephp_2_5_9_2_6_10_2_7_2_released.html

fixed_packages

url pkg:composer/cakephp/cakephp@2.7.2

purl pkg:composer/cakephp/cakephp@2.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-84hg-51gr-2qhx

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-cz9h-hf83-eycy

vulnerability	VCID-f8wn-raej-7qg4

vulnerability	VCID-s536-vx42-xbhk

vulnerability	VCID-zbjb-pafr-uudq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.7.2

url pkg:composer/cakephp/cakephp@3.0.0-RC1

purl pkg:composer/cakephp/cakephp@3.0.0-RC1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-84hg-51gr-2qhx

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-f8wn-raej-7qg4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.0.0-RC1

aliases GMS-2015-18

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wyxz-rb2r-zfck

url VCID-zbjb-pafr-uudq

vulnerability_id VCID-zbjb-pafr-uudq

summary Unsafe view template filenames result in a Remote File Inclusion vulnerability.

references

reference_url	http://bakery.cakephp.org/2015/11/05/cakephp_3015_314_2612_276_released.html
reference_id
reference_type
scores
url	http://bakery.cakephp.org/2015/11/05/cakephp_3015_314_2612_276_released.html

fixed_packages

url pkg:composer/cakephp/cakephp@2.7.6

purl pkg:composer/cakephp/cakephp@2.7.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-84hg-51gr-2qhx

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-f8wn-raej-7qg4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.7.6

url pkg:composer/cakephp/cakephp@3.0.0-RC1

purl pkg:composer/cakephp/cakephp@3.0.0-RC1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-84hg-51gr-2qhx

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-f8wn-raej-7qg4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.0.0-RC1

url pkg:composer/cakephp/cakephp@3.0.15

purl pkg:composer/cakephp/cakephp@3.0.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-84hg-51gr-2qhx

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-dha1-eyc9-7qff

vulnerability	VCID-f8wn-raej-7qg4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.0.15

url pkg:composer/cakephp/cakephp@3.1.0-RC1

purl pkg:composer/cakephp/cakephp@3.1.0-RC1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-84hg-51gr-2qhx

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-dha1-eyc9-7qff

vulnerability	VCID-f8wn-raej-7qg4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.1.0-RC1

url pkg:composer/cakephp/cakephp@3.1.4

purl pkg:composer/cakephp/cakephp@3.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-84hg-51gr-2qhx

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-dha1-eyc9-7qff

vulnerability	VCID-f8wn-raej-7qg4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.1.4

aliases GMS-2015-41

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zbjb-pafr-uudq

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.7.0-stable

Package Instance