[cakephp/cakephp] Cross-Site Request Forgery in CakePHP

CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS.

References

• https://nvd.nist.gov/vuln/detail/CVE-2020-15400
• https://bakery.cakephp.org/2020/04/18/cakephp_406_released.html
• https://bakery.cakephp.org/2022/05/08/cakephp_3103_released.html
• https://github.com/advisories/GHSA-j33j-fg2g-mcv2