GHSA-qhrx-hcm6-pmrw

Source

https://github.com/advisories/GHSA-qhrx-hcm6-pmrw

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/12/GHSA-qhrx-hcm6-pmrw/GHSA-qhrx-hcm6-pmrw.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-qhrx-hcm6-pmrw

Aliases

CVE-2019-11458

Published

2019-12-02T18:12:26Z

Modified

2025-05-29T23:01:00.999968Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

Unsafe deserialization in SmtpTransport in CakePHP

Details

An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction.

Database specific

{
    "nvd_published_at": "2019-05-08T18:29:00Z",
    "cwe_ids": [
        "CWE-502"
    ],
    "severity": "HIGH",
    "github_reviewed_at": "2019-12-02T00:51:02Z",
    "github_reviewed": true
}

References

Affected packages

Packagist / cakephp/cakephp

Package

Name: cakephp/cakephp
Purl: pkg:composer/cakephp/cakephp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.0

Fixed

3.5.18

Affected versions

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.0.9

3.0.10

3.0.11

3.0.12

3.0.13

3.0.14

3.0.15

3.0.16

3.0.17

3.0.18

3.0.19

3.1.0-beta

3.1.0-beta2

3.1.0-RC1

3.1.0

3.1.1

3.1.2

3.1.3

3.1.4

3.1.5

3.1.6

3.1.7

3.1.8

3.1.9

3.1.10

3.1.11

3.1.12

3.1.13

3.1.14

3.2.0-RC1

3.2.0

3.2.1

3.2.2

3.2.3

3.2.4

3.2.5

3.2.6

3.2.7

3.2.8

3.2.9

3.2.10

3.2.11

3.2.12

3.2.13

3.2.14

3.3.0-beta

3.3.0-beta2

3.3.0-beta3

3.3.0-RC1

3.3.0

3.3.1

3.3.2

3.3.3

3.3.4

3.3.5

3.3.6

3.3.7

3.3.8

3.3.9

3.3.10

3.3.11

3.3.12

3.3.13

3.3.14

3.3.15

3.3.16

3.4.0-beta1

3.4.0-beta2

3.4.0-beta3

3.4.0-beta4

3.4.0-RC1

3.4.0-RC2

3.4.0-RC3

3.4.0-RC4

3.4.0

3.4.1

3.4.2

3.4.3

3.4.4

3.4.5

3.4.6

3.4.7

3.4.8

3.4.9

3.4.10

3.4.11

3.4.12

3.4.13

3.4.14

3.5.0-RC1

3.5.0-RC2

3.5.0

3.5.1

3.5.2

3.5.3

3.5.4

3.5.5

3.5.6

3.5.7

3.5.8

3.5.9

3.5.10

3.5.11

3.5.12

3.5.13

3.5.14

3.5.15

3.5.16

3.5.17

Packagist / cakephp/cakephp

Package

Name: cakephp/cakephp
Purl: pkg:composer/cakephp/cakephp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.6.0

Fixed

3.6.15

Affected versions

3.*

3.6.0

3.6.1

3.6.2

3.6.3

3.6.4

3.6.5

3.6.6

3.6.7

3.6.8

3.6.9

3.6.10

3.6.11

3.6.12

3.6.13

3.6.14

Packagist / cakephp/cakephp

Package

Name: cakephp/cakephp
Purl: pkg:composer/cakephp/cakephp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.7.0

Fixed

3.7.7

Affected versions

3.*

3.7.0

3.7.1

3.7.2

3.7.3

3.7.4

3.7.5

3.7.6