From c243c4223cd8197183f996c77432b3d979d1f651 Mon Sep 17 00:00:00 2001
From: Henrique Cabral <hocabral37@gmail.com>
Date: Tue, 7 Jan 2025 09:59:23 -0300
Subject: [PATCH 1/2] New Vuln: Open Redirect in Cakephp (php)

---
 input/new.json | 30 ++++++++++++++++++------------
 1 file changed, 18 insertions(+), 12 deletions(-)

diff --git a/input/new.json b/input/new.json
index 87646b9..79878b2 100644
--- a/input/new.json
+++ b/input/new.json
@@ -1,15 +1,21 @@
 {
-  "package_name": "",
-  "patch_versions": [],
-  "vulnerable_ranges": [],
-  "cwe": [],
-  "tldr": "",
-  "doest_this_affect_me": "",
-  "how_to_fix": "",
-  "vulnerable_to": "",
+  "package_name": "cakephp/cakephp",
+  "patch_versions": [
+    "5.1.4",
+    "4.5.9"
+  ],
+  "vulnerable_ranges": [
+    ["5.0.0", "5.1.2"],
+    ["3.0.0", "4.5.8"]
+  ],
+  "cwe": ["CWE-601"],
+  "tldr": "Affected versions of this package are affected by Open redirect due to improper handling of encoded forward slashes (%2F) when reading request URIs. These paths may be misinterpreted as a single slash (/), resulting in unexpected routing behavior. This problem could potentially be exploited to create open redirect attacks, allowing an attacker to redirect users to malicious sites.",
+  "doest_this_affect_me": "You are affected if you are using a version that falls within the vulnerable range.",
+  "how_to_fix": "Upgrade the `cakephp/cakephp` library to the patch version.",
+  "vulnerable_to": "Open Redirect",
   "related_cve_id": "",
-  "language": "",
-  "severity_class": "",
-  "aikido_score": 0,
-  "changelog": ""
+  "language": "php",
+  "severity_class": "MEDIUM",
+  "aikido_score": 63,
+  "changelog": "https://github.com/cakephp/cakephp/releases"
 }

From 32bb8540cb5f7be9a5a75c3f9eeb73db7fd06a61 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <github-actions[bot]@users.noreply.github.com>
Date: Tue, 7 Jan 2025 13:59:24 +0000
Subject: [PATCH 2/2] Move new vulnerability to
 vulnerabilities/AIKIDO-2025-10005.json and reset new.json template

---
 input/new.json                         | 30 ++++++++++---------------
 vulnerabilities/AIKIDO-2025-10005.json | 31 ++++++++++++++++++++++++++
 2 files changed, 43 insertions(+), 18 deletions(-)
 create mode 100644 vulnerabilities/AIKIDO-2025-10005.json

diff --git a/input/new.json b/input/new.json
index 79878b2..87646b9 100644
--- a/input/new.json
+++ b/input/new.json
@@ -1,21 +1,15 @@
 {
-  "package_name": "cakephp/cakephp",
-  "patch_versions": [
-    "5.1.4",
-    "4.5.9"
-  ],
-  "vulnerable_ranges": [
-    ["5.0.0", "5.1.2"],
-    ["3.0.0", "4.5.8"]
-  ],
-  "cwe": ["CWE-601"],
-  "tldr": "Affected versions of this package are affected by Open redirect due to improper handling of encoded forward slashes (%2F) when reading request URIs. These paths may be misinterpreted as a single slash (/), resulting in unexpected routing behavior. This problem could potentially be exploited to create open redirect attacks, allowing an attacker to redirect users to malicious sites.",
-  "doest_this_affect_me": "You are affected if you are using a version that falls within the vulnerable range.",
-  "how_to_fix": "Upgrade the `cakephp/cakephp` library to the patch version.",
-  "vulnerable_to": "Open Redirect",
+  "package_name": "",
+  "patch_versions": [],
+  "vulnerable_ranges": [],
+  "cwe": [],
+  "tldr": "",
+  "doest_this_affect_me": "",
+  "how_to_fix": "",
+  "vulnerable_to": "",
   "related_cve_id": "",
-  "language": "php",
-  "severity_class": "MEDIUM",
-  "aikido_score": 63,
-  "changelog": "https://github.com/cakephp/cakephp/releases"
+  "language": "",
+  "severity_class": "",
+  "aikido_score": 0,
+  "changelog": ""
 }
diff --git a/vulnerabilities/AIKIDO-2025-10005.json b/vulnerabilities/AIKIDO-2025-10005.json
new file mode 100644
index 0000000..acd204a
--- /dev/null
+++ b/vulnerabilities/AIKIDO-2025-10005.json
@@ -0,0 +1,31 @@
+{
+  "package_name": "cakephp/cakephp",
+  "patch_versions": [
+    "5.1.4",
+    "4.5.9"
+  ],
+  "vulnerable_ranges": [
+    [
+      "5.0.0",
+      "5.1.2"
+    ],
+    [
+      "3.0.0",
+      "4.5.8"
+    ]
+  ],
+  "cwe": [
+    "CWE-601"
+  ],
+  "tldr": "Affected versions of this package are affected by Open redirect due to improper handling of encoded forward slashes (%2F) when reading request URIs. These paths may be misinterpreted as a single slash (/), resulting in unexpected routing behavior. This problem could potentially be exploited to create open redirect attacks, allowing an attacker to redirect users to malicious sites.",
+  "doest_this_affect_me": "You are affected if you are using a version that falls within the vulnerable range.",
+  "how_to_fix": "Upgrade the `cakephp/cakephp` library to the patch version.",
+  "vulnerable_to": "Open Redirect",
+  "related_cve_id": "",
+  "language": "php",
+  "severity_class": "MEDIUM",
+  "aikido_score": 63,
+  "changelog": "https://github.com/cakephp/cakephp/releases",
+  "last_modified": "2025-01-07",
+  "published": "2025-01-07"
+}