GHSA-hqmp-g7ph-x543: TunnelVision - decloaking VPNs using DHCP

GHSA-j5vv-6wjg-cfr8: changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal

GHSA-w95c-7994-ghpr: TCPDF has incorrect comparison

GHSA-qx95-cwh6-9mvq: TCPDF missing character escape on error messages

GHSA-9mgx-552f-59p6: TCPDF missing certificate validation

CakePHP 2.x prior to 2.0.99, 2.1.99, 2.2.99, 2.3.99, 2.4.99, 2.5.99, 2.6.12, and 2.7.6 and 3.x prior to 3.0.15 and 3.1.4 is vulnerable to Remote File Inclusion through View template name manipulation.

**Package**

composer cakephp/cakephp (Composer)

**Affected versions**

\>= 2.0.0, < 2.0.99

\>= 2.1.0, < 2.1.99

\>= 2.2.0, < 2.2.99

\>= 2.3.0, < 2.3.99

\>= 2.4.0, < 2.4.99

\>= 2.5.0, < 2.5.99

\>= 2.6.0, < 2.6.12

\>= 2.7.0, < 2.7.6

\>= 3.0.0, < 3.0.15

\>= 3.1.0, < 3.1.4

**Patched versions**

2.0.99

2.1.99

2.2.99

2.3.99

2.4.99

2.5.99

2.6.12

2.7.6

3.0.15

3.1.4

Headline

GHSA-p76f-wr22-4rv6: CakePHP vulnerable to Remote File Inclusion through View template name manipulation

ghsa: Latest News