pkg:composer/yiisoft/yii2
Type
composer
Namespace
yiisoft
Name
yii2
Known advisories, vulnerabilities and fixes for yii2 package.
- Repository
- https://packagist.org/packages/yiisoft/yii2
Critical
3
High
2
Medium
1
None
1
| Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | < 2.0.4 |
CVE-2015-3397
|
 PHP:YIISOFT-YII2-2015-3397
|
JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks | medium |
2015-05-10T03:38:17
(9 years ago) |
|
| Affected | < 2.0.5 |
CVE-2015-5467
|
PHP:YIISOFT-YII2-2015-5467
|
class yii\web\ViewAction allowed to include arbitrary files that end with .php | critical |
2015-07-10T18:12:53
(9 years ago) |
|
| Affected | < 2.0.14 |
CVE-2018-6009
|
PHP:YIISOFT-YII2-2018-6009
|
The switchIdentity() function in yii\web\User did not regenerate the CSRF token upon a change of identity | high |
2018-01-13T23:13:00
(6 years ago) |
|
| Affected | < 2.0.14 |
CVE-2018-6010
|
PHP:YIISOFT-YII2-2018-6010
|
Remote attackers could obtain potentially sensitive information from exception messages printed by the error handler in non-debug mode. | high |
2018-01-22T08:41:00
(6 years ago) |
|
| Affected | >= 2.0.13, < 2.0.13.2 < 2.0.12.1 >= 2.0.14, < 2.0.15 |
CVE-2018-7269
|
PHP:YIISOFT-YII2-2018-7269
|
Potential SQL injection in methods `yii\db\ActiveRecord::findOne()` and `::findAll()` | critical |
2018-03-20T11:51:46
(6 years ago) |
|
| Affected | < 2.0.38 |
CVE-2020-15148
|
PHP:YIISOFT-YII2-2020-15148
|
Possible remote code execution via unserialize() on user input containing specially crafted string | critical |
2020-09-14T21:15:51
(4 years ago) |
|
| Affected | < 2.0.49.4 |
CVE-2024-4990
|
PHP:YIISOFT-YII2-2024-4990
|
Unsafe Reflection in base Component class |
2024-06-04T16:23:00
(3 months ago) |