High severityNVD Advisory· Published May 8, 2019· Updated Aug 4, 2024
CVE-2019-11458
CVE-2019-11458
Description
An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
cakephp/cakephpPackagist | >= 3.0.0, < 3.5.18 | 3.5.18 |
cakephp/cakephpPackagist | >= 3.6.0, < 3.6.15 | 3.6.15 |
cakephp/cakephpPackagist | >= 3.7.0, < 3.7.7 | 3.7.7 |
Affected products
2- CakePHP/CakePHPdescription
Patches
Vulnerability mechanics
References
10- github.com/advisories/GHSA-qhrx-hcm6-pmrwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-11458ghsaADVISORY
- bakery.cakephp.org/2019/04/23/cakephp_377_3615_3518_released.htmlghsax_refsource_CONFIRMWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/cakephp/cakephp/CVE-2019-11458.yamlghsaWEB
- github.com/cakephp/cakephp/commit/1a74e798309192a9895c9cedabd714ceee345f4eghsax_refsource_CONFIRMWEB
- github.com/cakephp/cakephp/commit/81412fbe2cb88a304dbeeece1955bc0aec98edb1ghsaWEB
- github.com/cakephp/cakephp/commit/c25b91bf7c72db43c01b47a634fd02112ff9f1cdghsaWEB
- github.com/cakephp/cakephp/commits/masterghsax_refsource_MISCWEB
- github.com/cakephp/cakephp/compare/3.7.6...3.7.7ghsax_refsource_MISCWEB
- github.com/cakephp/cakephp/releasesghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.