High severity · NVD Advisory · Published Jan 20, 2021 · Updated Aug 4, 2024
CVE-2020-35239
Description
A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The CsrfProtectionMiddleware component allows method override parameters to bypass CSRF checks: the HTTP request method can be changed to an arbitrary string that is not in the list of request methods that CakePHP checks, so the CSRF check is skipped. Additionally, the route middleware does not verify that this overridden method (which can be an arbitrary string) is actually an HTTP method.
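An added illustration, not CakePHP's own code, of the check pattern the description refers to: a CSRF middleware that validates a token only when the effective method is on a fixed list of state-changing methods (so any other string skips validation), beside a hardened version that exempts only the safe methods and rejects an overridden method that is not a known HTTP method. The `_method` parameter name, the method lists and the constructed request are assumptions.

```php
<?php
// Illustration only (not CakePHP's code): how a CSRF middleware decides whether to
// validate a token once a method-override parameter has replaced the request method.

// Assumed list of methods the application recognises as HTTP methods.
const KNOWN_METHODS = ['GET', 'HEAD', 'OPTIONS', 'POST', 'PUT', 'PATCH', 'DELETE'];
// Assumed list of safe (read-only) methods that may legitimately skip CSRF validation.
const SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS'];

// Apply a body-level method override; the parameter name `_method` is an assumption.
function effectiveMethod(string $realMethod, array $body): string
{
    if ($realMethod === 'POST' && isset($body['_method'])) {
        return strtoupper((string) $body['_method']);
    }
    return $realMethod;
}

// Weak pattern from the advisory: validate only for methods on a fixed list, so an
// overridden method that is any other string is never checked.
function weakNeedsCsrfCheck(string $method): bool
{
    return in_array($method, ['POST', 'PUT', 'PATCH', 'DELETE'], true);
}

// Hardened pattern: refuse an overridden method that is not a known HTTP method,
// and skip validation only for the explicitly safe methods.
function hardenedNeedsCsrfCheck(string $method): bool
{
    if (!in_array($method, KNOWN_METHODS, true)) {
        throw new InvalidArgumentException("Unrecognised HTTP method: {$method}");
    }
    return !in_array($method, SAFE_METHODS, true);
}

// Constructed request: a POST whose body overrides the method with an arbitrary string.
$overridden = effectiveMethod('POST', ['_method' => 'ARBITRARY', 'title' => 'x']);

echo 'weak check requires CSRF validation: ',
    var_export(weakNeedsCsrfCheck($overridden), true), PHP_EOL;

try {
    hardenedNeedsCsrfCheck($overridden);
} catch (InvalidArgumentException $e) {
    echo 'hardened check rejected the request: ', $e->getMessage(), PHP_EOL;
}

// A legitimate override to PUT still requires validation under the hardened check.
$put = effectiveMethod('POST', ['_method' => 'put']);
echo 'hardened check requires CSRF validation for PUT: ',
    var_export(hardenedNeedsCsrfCheck($put), true), PHP_EOL;
```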
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| cakephp/cakephp (Packagist) | >= 4.0.0, < 4.0.10 | 4.0.10 |
| cakephp/cakephp (Packagist) | >= 4.1.0, < 4.1.4 | 4.1.4 |
Affected products
- CakePHP/CakePHP
References
- github.com/advisories/GHSA-9pgx-pf36-w46r (GitHub Security Advisory)
- nvd.nist.gov/vuln/detail/CVE-2020-35239 (NVD advisory)
- bakery.cakephp.org/2020/12/07/cakephp_4010_released.html (CakePHP 4.0.10 release announcement)