pkg:composer/yiisoft/yii2-dev
Type
composer
Namespace
yiisoft
Name
yii2-dev
Known advisories, vulnerabilities and fixes for yii2-dev package.
Critical
2
High
2
Medium
1
| Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | < 2.0.4 |
CVE-2015-3397
|
 PHP:YIISOFT-YII2-DEV-2015-3397
|
JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks | medium |
2015-05-10T03:38:17
(9 years ago) |
|
| Affected | < 2.0.5 |
CVE-2015-5467
|
PHP:YIISOFT-YII2-DEV-2015-5467
|
class yii\web\ViewAction allowed to include arbitrary files that end with .php | critical |
2015-07-10T18:12:53
(9 years ago) |
|
| Affected | < 2.0.14 |
CVE-2018-6009
|
PHP:YIISOFT-YII2-DEV-2018-6009
|
The switchIdentity() function in yii\web\User did not regenerate the CSRF token upon a change of identity | high |
2018-01-13T23:13:00
(6 years ago) |
|
| Affected | < 2.0.14 |
CVE-2018-6010
|
PHP:YIISOFT-YII2-DEV-2018-6010
|
Remote attackers could obtain potentially sensitive information from exception messages printed by the error handler in non-debug mode. | high |
2018-01-22T08:41:00
(6 years ago) |
|
| Affected | >= 2.0.13, < 2.0.13.2 < 2.0.12.1 >= 2.0.14, < 2.0.15 |
CVE-2018-7269
|
PHP:YIISOFT-YII2-DEV-2018-7269
|
Potential SQL injection in methods `yii\db\ActiveRecord::findOne()` and `::findAll()` | critical |
2018-03-20T11:51:46
(6 years ago) |