Description
CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| cakephp | removed | | | package |
| cakephp | ignored | | bullseye | package |
| cakephp | ignored | | buster | package |
| cakephp | no-dsa | | stretch | package |
EPSS
Percentile: 38%
0.0017
Low
Related vulnerabilities
CVSS3: 4.3
ubuntu
more than 5 years ago
CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS.
CVSS3: 4.3
nvd
more than 5 years ago
CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS.