{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44248?format=json","vulnerability_id":"VCID-6x9m-nyfs-a7hq","summary":"CakePHP vulnerable to Denial of Service attack through XML payloads\nRequestHandlerComponent had a vulnerability that would allow well crafted requests to create a denial of service attack. RequestHandlerComponent leverages `Xml::build()` which allows reading local files. We recommend that all applications using RequestHandlerComponent upgrade, or disable parsing XML payloads.","aliases":[{"alias":"GHSA-q79m-c546-2g63"},{"alias":"GMS-2023-71"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52287?format=json","purl":"pkg:composer/cakephp/cakephp@2.6.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cp8q-ar71-mqdf"},{"vulnerability":"VCID-f8wn-raej-7qg4"},{"vulnerability":"VCID-qzjr-cpgd-uba7"},{"vulnerability":"VCID-s536-vx42-xbhk"},{"vulnerability":"VCID-wyxz-rb2r-zfck"},{"vulnerability":"VCID-zbjb-pafr-uudq"},{"vulnerability":"VCID-zfgg-dd4t-zyhq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.6.6"},{"url":"http://public2.vulnerablecode.io/api/packages/52288?format=json","purl":"pkg:composer/cakephp/cakephp@3.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cp8q-ar71-mqdf"},{"vulnerability":"VCID-dha1-eyc9-7qff"},{"vulnerability":"VCID-f8wn-raej-7qg4"},{"vulnerability":"VCID-s536-vx42-xbhk"},{"vulnerability":"VCID-zbjb-pafr-uudq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.0.6"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51832?format=json","purl":"pkg:composer/cakephp/cakephp@2.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6x9m-nyfs-a7hq"},{"vulnerability":"VCID-ajr2-5q7d-j3be"},{"vulnerability":"VCID-cz9h-hf83-eycy"},{"vulnerability":"VCID-qun9-tgkq-d7an"},{"vulnerability":"VCID-s536-vx42-xbhk"},{"vulnerability":"VCID-saae-h7cg-q7cb"},{"vulnerability":"VCID-yps8-ffx6-3fay"},{"vulnerability":"VCID-zfgg-dd4t-zyhq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/52281?format=json","purl":"pkg:composer/cakephp/cakephp@2.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6x9m-nyfs-a7hq"},{"vulnerability":"VCID-cz9h-hf83-eycy"},{"vulnerability":"VCID-qun9-tgkq-d7an"},{"vulnerability":"VCID-s536-vx42-xbhk"},{"vulnerability":"VCID-yps8-ffx6-3fay"},{"vulnerability":"VCID-zfgg-dd4t-zyhq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/52282?format=json","purl":"pkg:composer/cakephp/cakephp@2.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6x9m-nyfs-a7hq"},{"vulnerability":"VCID-cz9h-hf83-eycy"},{"vulnerability":"VCID-qun9-tgkq-d7an"},{"vulnerability":"VCID-s536-vx42-xbhk"},{"vulnerability":"VCID-yps8-ffx6-3fay"},{"vulnerability":"VCID-zfgg-dd4t-zyhq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/52283?format=json","purl":"pkg:composer/cakephp/cakephp@2.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6x9m-nyfs-a7hq"},{"vulnerability":"VCID-cz9h-hf83-eycy"},{"vulnerability":"VCID-qun9-tgkq-d7an"},{"vulnerability":"VCID-s536-vx42-xbhk"},{"vulnerability":"VCID-yps8-ffx6-3fay"},{"vulnerability":"VCID-zfgg-dd4t-zyhq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/52284?format=json","purl":"pkg:composer/cakephp/cakephp@2.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6x9m-nyfs-a7hq"},{"vulnerability":"VCID-cz9h-hf83-eycy"},{"vulnerability":"VCID-qun9-tgkq-d7an"},{"vulnerability":"VCID-s536-vx42-xbhk"},{"vulnerability":"VCID-yps8-ffx6-3fay"},{"vulnerability":"VCID-zfgg-dd4t-zyhq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/52285?format=json","purl":"pkg:composer/cakephp/cakephp@2.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6x9m-nyfs-a7hq"},{"vulnerability":"VCID-cp8q-ar71-mqdf"},{"vulnerability":"VCID-cz9h-hf83-eycy"},{"vulnerability":"VCID-f8wn-raej-7qg4"},{"vulnerability":"VCID-qun9-tgkq-d7an"},{"vulnerability":"VCID-qzjr-cpgd-uba7"},{"vulnerability":"VCID-s536-vx42-xbhk"},{"vulnerability":"VCID-wyxz-rb2r-zfck"},{"vulnerability":"VCID-yps8-ffx6-3fay"},{"vulnerability":"VCID-zbjb-pafr-uudq"},{"vulnerability":"VCID-zfgg-dd4t-zyhq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/52286?format=json","purl":"pkg:composer/cakephp/cakephp@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6x9m-nyfs-a7hq"},{"vulnerability":"VCID-cp8q-ar71-mqdf"},{"vulnerability":"VCID-cz9h-hf83-eycy"},{"vulnerability":"VCID-f8wn-raej-7qg4"},{"vulnerability":"VCID-qun9-tgkq-d7an"},{"vulnerability":"VCID-qzjr-cpgd-uba7"},{"vulnerability":"VCID-s536-vx42-xbhk"},{"vulnerability":"VCID-wyxz-rb2r-zfck"},{"vulnerability":"VCID-yps8-ffx6-3fay"},{"vulnerability":"VCID-zbjb-pafr-uudq"},{"vulnerability":"VCID-zfgg-dd4t-zyhq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@2.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/52268?format=json","purl":"pkg:composer/cakephp/cakephp@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6x9m-nyfs-a7hq"},{"vulnerability":"VCID-cp8q-ar71-mqdf"},{"vulnerability":"VCID-cyxs-ap7s-a7az"},{"vulnerability":"VCID-cz9h-hf83-eycy"},{"vulnerability":"VCID-dha1-eyc9-7qff"},{"vulnerability":"VCID-f8wn-raej-7qg4"},{"vulnerability":"VCID-s536-vx42-xbhk"},{"vulnerability":"VCID-wg63-y8w2-6qc6"},{"vulnerability":"VCID-yps8-ffx6-3fay"},{"vulnerability":"VCID-zbjb-pafr-uudq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.0.0"}],"references":[{"reference_url":"https://bakery.cakephp.org/2015/05/28/cakephp_2_6_6_and_3_0_6_released.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bakery.cakephp.org/2015/05/28/cakephp_2_6_6_and_3_0_6_released.html"},{"reference_url":"https://github.com/cakephp/cakephp","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cakephp/cakephp"},{"reference_url":"https://github.com/cakephp/cakephp/commit/c186487151356a8d7c6e2cae05f87b9df0e59fbb","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cakephp/cakephp/commit/c186487151356a8d7c6e2cae05f87b9df0e59fbb"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/cakephp/cakephp/2015-05-28.yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/cakephp/cakephp/2015-05-28.yaml"},{"reference_url":"https://github.com/advisories/GHSA-q79m-c546-2g63","reference_id":"GHSA-q79m-c546-2g63","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q79m-c546-2g63"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":"0.5","weighted_severity":"8.0","risk_score":4.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6x9m-nyfs-a7hq"}