[MEDIUM] Yii Incorrectly Implements CORS

PKSA-9gg1-dnxr-781q CVE-2018-20745 GHSA-cr6r-6xm9-ww22

Affected version: <2.0.16

Reported by:
GitHub

[HIGH] Possible remote code execution via unserialize() on user input containing specially crafted string

PKSA-qmd6-d7pz-yk89 CVE-2020-15148 GHSA-699q-wcff-g9mj

Affected version: <2.0.38

Reported by:
GitHub, FriendsOfPHP/security-advisories