Описание
CakePHP has incorrect Cross-Site Request Forgery validation
CsrfComponent fails to invalidate requests that are missing both the CSRF token, and CSRF post data.
Пакеты
Наименование
cakephp/cakephp
composer
Затронутые версииВерсия исправления
>= 3.0.0, < 3.0.4
3.0.4
Дефекты
CWE-352
Дефекты
CWE-352