{"url":"http://public2.vulnerablecode.io/api/packages/52339?format=json","purl":"pkg:composer/cakephp/cakephp@2.7.0-stable","type":"composer","namespace":"cakephp","name":"cakephp","version":"2.7.0-stable","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.10.3","latest_non_vulnerable_version":"5.3.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37892?format=json","vulnerability_id":"VCID-qzjr-cpgd-uba7","summary":"Potential direct access to prefixed actions\nUnconventional URL paths would allow direct access to prefixed actions without setting the correct request parameters. If your authorization depends on the presence of the prefix routing key you should upgrade as soon as possible.","references":[{"reference_url":"http://bakery.cakephp.org/2015/08/06/cakephp_2_5_9_2_6_10_2_7_2_released.html","reference_id":"","reference_type":"","scores":[],"url":"http://bakery.cakephp.org/2015/08/06/cakephp_2_5_9_2_6_10_2_7_2_released.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52342?format=json","purl":"pkg:composer/cakephp/cakephp@2.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cp8q-ar71-mqdf"},{"vulnerability":"VCID-f8wn-raej-7qg4"},{"vulnerability":"VCID-s536-vx42-xbhk"},{"vulnerability":"VCID-zbjb-pafr-uudq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.7.2"},{"url":"http://public2.vulnerablecode.io/api/packages/201148?format=json","purl":"pkg:composer/cakephp/cakephp@3.0.0-RC1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cp8q-ar71-mqdf"},{"vulnerability":"VCID-f8wn-raej-7qg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.0.0-RC1"}],"aliases":["GMS-2015-17"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qzjr-cpgd-uba7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37891?format=json","vulnerability_id":"VCID-wyxz-rb2r-zfck","summary":"Unreliable data validation\nThere's a flow in Validation::compare() and Validation::range() that makes possible to pass validation criteria using crafted data.","references":[{"reference_url":"http://bakery.cakephp.org/2015/08/06/cakephp_2_5_9_2_6_10_2_7_2_released.html","reference_id":"","reference_type":"","scores":[],"url":"http://bakery.cakephp.org/2015/08/06/cakephp_2_5_9_2_6_10_2_7_2_released.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52342?format=json","purl":"pkg:composer/cakephp/cakephp@2.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cp8q-ar71-mqdf"},{"vulnerability":"VCID-f8wn-raej-7qg4"},{"vulnerability":"VCID-s536-vx42-xbhk"},{"vulnerability":"VCID-zbjb-pafr-uudq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.7.2"},{"url":"http://public2.vulnerablecode.io/api/packages/201148?format=json","purl":"pkg:composer/cakephp/cakephp@3.0.0-RC1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cp8q-ar71-mqdf"},{"vulnerability":"VCID-f8wn-raej-7qg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.0.0-RC1"}],"aliases":["GMS-2015-18"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wyxz-rb2r-zfck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37937?format=json","vulnerability_id":"VCID-zbjb-pafr-uudq","summary":"Unsafe view template filenames result in a Remote File Inclusion vulnerability.","references":[{"reference_url":"http://bakery.cakephp.org/2015/11/05/cakephp_3015_314_2612_276_released.html","reference_id":"","reference_type":"","scores":[],"url":"http://bakery.cakephp.org/2015/11/05/cakephp_3015_314_2612_276_released.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52392?format=json","purl":"pkg:composer/cakephp/cakephp@2.7.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cp8q-ar71-mqdf"},{"vulnerability":"VCID-f8wn-raej-7qg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.7.6"},{"url":"http://public2.vulnerablecode.io/api/packages/201148?format=json","purl":"pkg:composer/cakephp/cakephp@3.0.0-RC1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cp8q-ar71-mqdf"},{"vulnerability":"VCID-f8wn-raej-7qg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.0.0-RC1"},{"url":"http://public2.vulnerablecode.io/api/packages/52393?format=json","purl":"pkg:composer/cakephp/cakephp@3.0.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cp8q-ar71-mqdf"},{"vulnerability":"VCID-dha1-eyc9-7qff"},{"vulnerability":"VCID-f8wn-raej-7qg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.0.15"},{"url":"http://public2.vulnerablecode.io/api/packages/201982?format=json","purl":"pkg:composer/cakephp/cakephp@3.1.0-RC1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cp8q-ar71-mqdf"},{"vulnerability":"VCID-dha1-eyc9-7qff"},{"vulnerability":"VCID-f8wn-raej-7qg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.1.0-RC1"},{"url":"http://public2.vulnerablecode.io/api/packages/52394?format=json","purl":"pkg:composer/cakephp/cakephp@3.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cp8q-ar71-mqdf"},{"vulnerability":"VCID-dha1-eyc9-7qff"},{"vulnerability":"VCID-f8wn-raej-7qg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.1.4"}],"aliases":["GMS-2015-41"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zbjb-pafr-uudq"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.7.0-stable"}