Candidate: CVE-2012-4399
PublicDate: 2012-10-09 23:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4399
 http://seclists.org/bugtraq/2012/Jul/101
 http://bakery.cakephp.org/articles/markstory/2012/07/14/security_release_-_cakephp_2_1_5_2_2_1
 http://osvdb.org/show/osvdb/84042
Description:
 The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows
 remote attackers to read arbitrary files via XML data containing external
 entity references, aka an XML external entity (XXE) injection attack.
Ubuntu-Description:
Notes:
 tyhicks> Per upstream advisory, 1.2 and 1.3 is not affected
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_cakephp:
upstream_cakephp: not-affected
hardy_cakephp: not-affected
lucid_cakephp: not-affected
natty_cakephp: not-affected
oneiric_cakephp: not-affected
precise_cakephp: not-affected
devel_cakephp: not-affected (1.3.15-1)