{
  "schema_version": "1.7.0",
  "id": "MGASA-2016-0044",
  "published": "2016-02-05T17:26:09Z",
  "modified": "2016-02-05T17:14:57Z",
  "summary": "Updated cakephp package fixes security vulnerability",
  "details": "CakePHP, an open-source web application framework for PHP, was vulnerable\nto SSRF (Server Side Request Forgery) attacks. A remote attacker can use\nthis for at least DoS (Denial of Service) attacks if the target application\naccepts XML as input. The issue is caused by the insecure design of Cake's\nXml class.\n",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2016-0044.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=17003"
    },
    {
      "type": "WEB",
      "url": "http://lwn.net/Alerts/661886/"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:5",
        "name": "cakephp",
        "purl": "pkg:rpm/mageia/cakephp?arch=source&distro=mageia-5"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.21-2.mga5"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}
