[HIGH] Yii Framework Code Injection

PKSA-sxhn-698f-dpfd CVE-2018-8074 GHSA-m2p5-fwp2-qcw2

Affected version: >=2.0.0,<2.0.15

Reported by:
GitHub

[HIGH] Use of Insufficiently Random Values in yiisoft/yii2-dev

PKSA-gr88-dv3s-951n CVE-2021-3689 GHSA-hq3v-rg6f-6hx4

Affected version: <2.0.43

Reported by:
GitHub

[MEDIUM] Use of Cryptographically Weak Pseudo-Random Number Generator in yiisoft/yii2-dev

PKSA-26mg-s28k-sb3m CVE-2021-3692 GHSA-wwvv-x5mq-h3jj

Affected version: <2.0.43

Reported by:
GitHub

Remote attackers could obtain potentially sensitive information from exception messages printed by the error handler in non-debug mode.

PKSA-2342-4j8y-2xvc CVE-2018-6010

Affected version: <2.0.14

Reported by:
FriendsOfPHP/security-advisories

[HIGH] The switchIdentity() function in yii\web\User did not regenerate the CSRF token upon a change of identity

PKSA-w352-mtnh-r175 CVE-2018-6009 GHSA-cwhm-272p-3wj9

Affected version: <2.0.14

Reported by:
GitHub, FriendsOfPHP/security-advisories