Search by 
yiisoft/yii2-dev Security Advisories for 2.0.13.2 (2)
-
Remote attackers could obtain potentially sensitive information from exception messages printed by the error handler in non-debug mode.
Affected version: <2.0.14
Reported by:
FriendsOfPHP/security-advisories -
The switchIdentity() function in yii\web\User did not regenerate the CSRF token upon a change of identity
Affected version: <2.0.14
Reported by:
FriendsOfPHP/security-advisories