Moderate severityNVD Advisory· Published Jun 30, 2020· Updated Aug 4, 2024
CVE-2020-15400
CVE-2020-15400
Description
CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
cakephp/cakephpPackagist | >= 4.0.0, < 4.0.6 | 4.0.6 |
cakephp/cakephpPackagist | < 3.10.3 | 3.10.3 |
Affected products
2- CakePHP/CakePHPdescription
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/advisories/GHSA-j33j-fg2g-mcv2ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-15400ghsaADVISORY
- bakery.cakephp.org/2020/04/18/cakephp_406_released.htmlghsax_refsource_MISCWEB
- bakery.cakephp.org/2022/05/08/cakephp_3103_released.htmlghsaWEB
News mentions
0No linked articles in our index yet.