Headline
GHSA-829q-v5g8-hhxc: CakePHP has incorrect Cross-Site Request Forgery validation
CsrfComponent fails to invalidate requests that are missing both the CSRF token, and CSRF post data.
CakePHP has incorrect Cross-Site Request Forgery validation
Moderate severity GitHub Reviewed Published Jan 20, 2023 • Updated Jan 20, 2023