CVE-2019-11458 – cakephp/cakephp
Package
Manager: composer
Name: cakephp/cakephp
Vulnerable Version: >=3.0.0 <3.5.18 || >=3.6.0 <3.6.15 || >=3.7.0 <3.7.7
Severity
Level: High
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00558 (percentile: 0.67229)
Details
Unsafe deserialization in SmtpTransport in CakePHP
An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction.
Metadata
Created: 2019-12-02T18:12:26Z
Modified: 2025-05-29T22:52:21Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/12/GHSA-qhrx-hcm6-pmrw/GHSA-qhrx-hcm6-pmrw.json
CWE IDs: ["CWE-502"]
Alternative ID: GHSA-qhrx-hcm6-pmrw
Finding: F096
Auto approve: 1