yiisoft/yii2 Security Advisories for 2.0.13.2 (4)
-
[MEDIUM] Yii Incorrectly Implements CORS
PKSA-9gg1-dnxr-781q CVE-2018-20745 GHSA-cr6r-6xm9-ww22
Affected version: <2.0.16
Reported by:
GitHub -
[HIGH] Possible remote code execution via unserialize() on user input containing specially crafted string
PKSA-qmd6-d7pz-yk89 CVE-2020-15148 GHSA-699q-wcff-g9mj
Affected version: <2.0.38
Reported by:
GitHub, FriendsOfPHP/security-advisories -
Remote attackers could obtain potentially sensitive information from exception messages printed by the error handler in non-debug mode.
PKSA-rkx4-rmt9-k26g CVE-2018-6010
Affected version: <2.0.14
Reported by:
FriendsOfPHP/security-advisories -
The switchIdentity() function in yii\web\User did not regenerate the CSRF token upon a change of identity
PKSA-tgtc-bnhk-szjb CVE-2018-6009
Affected version: <2.0.14
Reported by:
FriendsOfPHP/security-advisories