GHSA-hqmp-g7ph-x543: TunnelVision - decloaking VPNs using DHCP

GHSA-j5vv-6wjg-cfr8: changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal

GHSA-w95c-7994-ghpr: TCPDF has incorrect comparison

GHSA-qx95-cwh6-9mvq: TCPDF missing character escape on error messages

GHSA-9mgx-552f-59p6: TCPDF missing certificate validation

RequestHandlerComponent had a vulnerability that would allow well crafted requests to create a denial of service attack. RequestHandlerComponent leverages `Xml::build()` which allows reading local files. We recommend that all applications using RequestHandlerComponent upgrade, or disable parsing XML payloads.

**Package**

composer cakephp/cakephp (Composer)

**Affected versions**

\>= 3.0.0, < 3.0.6

\>= 2.0.0, < 2.0.99

\>= 2.1.0, < 2.1.99

\>= 2.2.0, < 2.2.99

\>= 2.3.0, < 2.3.99

\>= 2.4.0, < 2.4.99

\>= 2.5.0, < 2.5.90

\>= 2.6.0, < 2.6.6

**Patched versions**

3.0.6

2.0.99

2.1.99

2.2.99

2.3.99

2.4.99

2.5.90

2.6.6

Headline

GHSA-q79m-c546-2g63: CakePHP vulnerable to Denial of Service attack through XML payloads

ghsa: Latest News