Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/cakephp/cakephp@3.7.0

Type composer

Namespace cakephp

Name cakephp

Version 3.7.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.10.3

Latest_non_vulnerable_version 5.3.1

Affected_by_vulnerabilities

url VCID-cp8q-ar71-mqdf

vulnerability_id VCID-cp8q-ar71-mqdf

summary

Cross-Site Request Forgery (CSRF)
CakePHP mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-15400

reference_id

reference_type

scores

value	0.00085
scoring_system	epss
scoring_elements	0.24635
published_at	2026-06-04T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24735
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-15400

reference_url

https://bakery.cakephp.org/2020/04/18/cakephp_406_released.html

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bakery.cakephp.org/2020/04/18/cakephp_406_released.html

reference_url

https://bakery.cakephp.org/2022/05/08/cakephp_3103_released.html

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bakery.cakephp.org/2022/05/08/cakephp_3103_released.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15400
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15400

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985673
reference_id	985673
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985673

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-15400

reference_id

CVE-2020-15400

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-15400

reference_url

https://github.com/advisories/GHSA-j33j-fg2g-mcv2

reference_id

GHSA-j33j-fg2g-mcv2

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j33j-fg2g-mcv2

fixed_packages

url	pkg:composer/cakephp/cakephp@3.10.3
purl	pkg:composer/cakephp/cakephp@3.10.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.10.3

url pkg:composer/cakephp/cakephp@4.0.6

purl pkg:composer/cakephp/cakephp@4.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-xsdu-qsw4-ebaz

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@4.0.6

aliases CVE-2020-15400, GHSA-j33j-fg2g-mcv2

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cp8q-ar71-mqdf

url VCID-dha1-eyc9-7qff

vulnerability_id VCID-dha1-eyc9-7qff

summary

Unsafe deserialization in SmtpTransport in CakePHP
An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-11458

reference_id

reference_type

scores

value	0.00527
scoring_system	epss
scoring_elements	0.67432
published_at	2026-06-05T12:55:00Z

value	0.00527
scoring_system	epss
scoring_elements	0.67391
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-11458

reference_url

https://bakery.cakephp.org/2019/04/23/cakephp_377_3615_3518_released.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bakery.cakephp.org/2019/04/23/cakephp_377_3615_3518_released.html

reference_url

https://github.com/cakephp/cakephp

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/cakephp/cakephp

reference_url

https://github.com/cakephp/cakephp/commit/1a74e798309192a9895c9cedabd714ceee345f4e

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/cakephp/cakephp/commit/1a74e798309192a9895c9cedabd714ceee345f4e

reference_url

https://github.com/cakephp/cakephp/commit/81412fbe2cb88a304dbeeece1955bc0aec98edb1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/cakephp/cakephp/commit/81412fbe2cb88a304dbeeece1955bc0aec98edb1

reference_url

https://github.com/cakephp/cakephp/commit/c25b91bf7c72db43c01b47a634fd02112ff9f1cd

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/cakephp/cakephp/commit/c25b91bf7c72db43c01b47a634fd02112ff9f1cd

reference_url

https://github.com/cakephp/cakephp/commits/master

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/cakephp/cakephp/commits/master

reference_url

https://github.com/cakephp/cakephp/compare/3.7.6...3.7.7

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/cakephp/cakephp/compare/3.7.6...3.7.7

reference_url

https://github.com/cakephp/cakephp/releases

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/cakephp/cakephp/releases

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-11458

reference_id

CVE-2019-11458

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-11458

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/cakephp/cakephp/CVE-2019-11458.yaml

reference_id

CVE-2019-11458.YAML

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/cakephp/cakephp/CVE-2019-11458.yaml

reference_url

https://github.com/advisories/GHSA-qhrx-hcm6-pmrw

reference_id

GHSA-qhrx-hcm6-pmrw

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qhrx-hcm6-pmrw

fixed_packages

url pkg:composer/cakephp/cakephp@3.7.7

purl pkg:composer/cakephp/cakephp@3.7.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cp8q-ar71-mqdf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.7.7

aliases CVE-2019-11458, GHSA-qhrx-hcm6-pmrw

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dha1-eyc9-7qff

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.7.0

Package Instance