CakePHP version 3.0.5 suffers from server-side request forgery attacks that can cause a denial of service condition.