CVE-2016-4793: Improper Input Validation

January 23, 2017 (updated October 23, 2018)

The clientIp function in CakePHP allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.

References

bakery.cakephp.org/2016/03/13/cakephp_2613_2711_282_3017_3112_325_released.html
nvd.nist.gov/vuln/detail/CVE-2016-4793

Detect and mitigate CVE-2016-4793 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →