| purl | pkg:composer/cakephp/cakephp@2.2.99 |
|---|---|

| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | | |

| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-6x9m-nyfs-a7hq | CakePHP vulnerable to Denial of Service attack through XML payloads. RequestHandlerComponent had a vulnerability that would allow well crafted requests to create a denial of service attack. RequestHandlerComponent leverages `Xml::build()` which allows reading local files. We recommend that all applications using RequestHandlerComponent upgrade, or disable parsing XML payloads. | GHSA-q79m-c546-2g63, GMS-2023-71 |
| VCID-cz9h-hf83-eycy | CakePHP vulnerable to Remote File Inclusion through View template name manipulation. CakePHP 2.x prior to 2.0.99, 2.1.99, 2.2.99, 2.3.99, 2.4.99, 2.5.99, 2.6.12, and 2.7.6 and 3.x prior to 3.0.15 and 3.1.4 is vulnerable to Remote File Inclusion through View template name manipulation. | GHSA-p76f-wr22-4rv6, GMS-2023-70 |
| VCID-qun9-tgkq-d7an | CakePHP allows direct access of prefixed controller actions. Unconventional URL paths would allow direct access to prefixed actions without setting the correct request parameters. | GHSA-6hg4-vp5q-47mw, GMS-2023-67 |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:43:49.760735+00:00 | GitLab Importer | Fixing | VCID-cz9h-hf83-eycy | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2023-70.yml | 38.6.0 |
| 2026-06-02T04:43:49.415581+00:00 | GitLab Importer | Fixing | VCID-qun9-tgkq-d7an | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2023-67.yml | 38.6.0 |
| 2026-06-02T04:43:49.111523+00:00 | GitLab Importer | Fixing | VCID-6x9m-nyfs-a7hq | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2023-71.yml | 38.6.0 |