GHSA-hhpq-7wg4-36jmMedium
CakePHP Authentication: Open redirect weakness via backslash bypass
🔗 CVE IDs covered (1)
📋 Description
Impact
The getLoginRedirect() method contains a weakness to backslash bypasses allowing redirect targets with attacker controlled hostnames.
Patches
3.3.6 and 4.1.1 contain a fix for this issue.
Workarounds
If you are unable to upgrade, you should consider adding application validation to the redirect query string parameter to mitigate this vulnerability.
🎯 Affected products2
- composer/cakephp/authentication:< 3.3.6
- composer/cakephp/authentication:>= 4.0.0, < 4.1.1