[GHSA-hhpq-7wg4-36jm] CakePHP Authentication: Open redirect weakness via backslash bypass #8485

Open
markstory wants to merge 1 commit into markstory/advisory-improvement-8485 from markstory-GHSA-hhpq-7wg4-36jm

@markstory

Updates

  • Affected products
  • Description

Comments
Updating version range as 2.x was also vulnerable and has been patched now.

@github

github commented Jul 3, 2026

Collaborator

Hi there @markstory! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository.

This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory.

Copilot AI review requested due to automatic review settings July 3, 2026 22:04
@github-actions github-actions Bot changed the base branch from main to markstory/advisory-improvement-8485 July 3, 2026 22:06

Copilot AI left a comment

Contributor

Pull request overview

Updates the OSV advisory record for GHSA-hhpq-7wg4-36jm (CakePHP Authentication open redirect via backslash bypass) to reflect expanded affected versions and updated patch information.

Changes:

  • Updated advisory metadata (modified) and patch guidance in details to include the 2.11.1 fix.
  • Refined the 3.x affected range to start at 3.0.0 instead of 0.
  • Added a new affected range intended to cover the 2.x line (fixed in 2.11.1).

"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
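
Review bot: the range that opens with "introduced": "0" marks every release below its fix as affected, which is wider than the 2.x line this update is meant to cover. If releases before 2.0.0 are not affected, start the range at "2.0.0" the same way the 3.x range now starts at "3.0.0"; if they are affected, say so in the description so the "0" is clearly deliberate.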