The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.
{ "ubuntu_priority": "medium", "availability": "No subscription required", "binaries": [ { "binary_name": "cakephp", "binary_version": "1.3.15-1+deb7u2build0.14.04.1" }, { "binary_name": "cakephp-scripts", "binary_version": "1.3.15-1+deb7u2build0.14.04.1" } ] }
{ "ubuntu_priority": "medium" }