An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction.
References
Link | Resource |
---|---|
https://bakery.cakephp.org/2019/04/23/cakephp_377_3615_3518_released.html | Third Party Advisory |
https://github.com/cakephp/cakephp/commit/1a74e798309192a9895c9cedabd714ceee345f4e | Patch Third Party Advisory |
https://github.com/cakephp/cakephp/commits/master | Patch Third Party Advisory |
https://github.com/cakephp/cakephp/compare/3.7.6...3.7.7 | Patch Third Party Advisory |
https://github.com/cakephp/cakephp/releases | Release Notes Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-05-08T17:07:54
Updated: 2019-05-08T17:07:54
Reserved: 2019-04-22T00:00:00
Link: CVE-2019-11458
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-05-08T18:29:00.453
Modified: 2020-08-24T17:37:01.140
Link: CVE-2019-11458
JSON object: View
Redhat Information
No data.
CWE