Vulnerability Description
An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction.
CVSS Score
7.5
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cakephp | Cakephp | 3.7.6 |
Related Weaknesses (CWE)
References
- https://bakery.cakephp.org/2019/04/23/cakephp_377_3615_3518_released.htmlThird Party Advisory
- https://github.com/cakephp/cakephp/commit/1a74e798309192a9895c9cedabd714ceee345fPatchThird Party Advisory
- https://github.com/cakephp/cakephp/commits/masterPatchThird Party Advisory
- https://github.com/cakephp/cakephp/compare/3.7.6...3.7.7PatchThird Party Advisory
- https://github.com/cakephp/cakephp/releasesRelease NotesThird Party Advisory
- https://bakery.cakephp.org/2019/04/23/cakephp_377_3615_3518_released.htmlThird Party Advisory
- https://github.com/cakephp/cakephp/commit/1a74e798309192a9895c9cedabd714ceee345fPatchThird Party Advisory
- https://github.com/cakephp/cakephp/commits/masterPatchThird Party Advisory
- https://github.com/cakephp/cakephp/compare/3.7.6...3.7.7PatchThird Party Advisory
- https://github.com/cakephp/cakephp/releasesRelease NotesThird Party Advisory
FAQ
What is CVE-2019-11458?
CVE-2019-11458 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction.
How severe is CVE-2019-11458?
CVE-2019-11458 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-11458?
Check the references section above for vendor advisories and patch information. Affected products include: Cakephp Cakephp.