Headline
GHSA-j9q2-f9q7-jhgq: CakePHP SecurityComponent cross form submission issue
Prior to versions 2.4.8 and 1.3.18, forms secured by SecurityComponent could be submitted to any action without triggering SecurityComponent’s tampering protection. If an application contained multiple POST forms to manipulate the same models, it could be vulnerable to mass assignment issues.
CakePHP SecurityComponent cross form submission issue
Moderate severity GitHub Reviewed Published Jan 20, 2023 • Updated Jan 20, 2023