Candidate: CVE-2019-11458
PublicDate: 2019-05-08 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11458
 https://github.com/cakephp/cakephp/commit/1a74e798309192a9895c9cedabd714ceee345f4e
 https://github.com/cakephp/cakephp/pull/13153
 https://bakery.cakephp.org/2019/04/23/cakephp_377_3615_3518_released.html
 https://github.com/cakephp/cakephp/commits/master
 https://github.com/cakephp/cakephp/compare/3.7.6...3.7.7
 https://github.com/cakephp/cakephp/releases
Description:
 An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized
 object with modified internal properties can trigger arbitrary file
 overwriting upon destruction.
Ubuntu-Description:
Notes:
 ebarretto> Vulnerable code introduced in 3.0.0
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]

Patches_cakephp:
upstream_cakephp: not-affected (debian: Vulnerable code introduced in 3.0.0)
precise/esm_cakephp: DNE
trusty/esm_cakephp: DNE
xenial_cakephp: not-affected (code not present)
bionic_cakephp: DNE
cosmic_cakephp: ignored (reached end-of-life)
disco_cakephp: not-affected (code not present)
devel_cakephp: not-affected (code not present)