Lookup for vulnerable packages by Package URL.

Purl pkg:composer/cakephp/cakephp@4.1.3
Type composer
Namespace cakephp
Name cakephp
Version 4.1.3
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 4.1.4
Latest_non_vulnerable_version 5.3.1
Affected_by_vulnerabilities
0
url VCID-xsdu-qsw4-ebaz
vulnerability_id VCID-xsdu-qsw4-ebaz
summary
Cross-Site Request Forgery (CSRF)
A vulnerability exists in CakePHP. The `CsrfProtectionMiddleware` component allows method override parameters to bypass CSRF checks by changing the HTTP request method to an arbitrary string that is not in the list of request methods that CakePHP checks. Additionally, the route middleware does not verify that this overridden method (which can be an arbitrary string) is actually an HTTP method.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-35239
reference_id
reference_type
scores
0
value 0.00187
scoring_system epss
scoring_elements 0.40293
published_at 2026-06-09T12:55:00Z
1
value 0.00187
scoring_system epss
scoring_elements 0.40252
published_at 2026-06-04T12:55:00Z
2
value 0.00187
scoring_system epss
scoring_elements 0.40333
published_at 2026-06-05T12:55:00Z
3
value 0.00187
scoring_system epss
scoring_elements 0.40336
published_at 2026-06-06T12:55:00Z
4
value 0.00187
scoring_system epss
scoring_elements 0.40309
published_at 2026-06-07T12:55:00Z
5
value 0.00187
scoring_system epss
scoring_elements 0.40279
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-35239
1
reference_url https://bakery.cakephp.org/2020/12/07/cakephp_4010_released.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bakery.cakephp.org/2020/12/07/cakephp_4010_released.html
2
reference_url https://github.com/cakephp/cakephp
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/cakephp/cakephp
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-35239
reference_id CVE-2020-35239
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-35239
4
reference_url https://github.com/advisories/GHSA-9pgx-pf36-w46r
reference_id GHSA-9pgx-pf36-w46r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9pgx-pf36-w46r
fixed_packages
0
url pkg:composer/cakephp/cakephp@4.1.4
purl pkg:composer/cakephp/cakephp@4.1.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@4.1.4
aliases CVE-2020-35239, GHSA-9pgx-pf36-w46r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xsdu-qsw4-ebaz
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@4.1.3