Vulnerabilities for 'YII'

2021-08-10
 
CVE-2021-3689

CWE-330
 

 
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator

 
2020-09-15
 
CVE-2020-15148

CWE-502
 

 
Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory.

 
2017-07-21
 
CVE-2017-11516

 

 
An XSS vulnerability exists in `framework/views/errorHandler/exception.php` in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because `$exception->errorInfo` is mishandled.

 



Copyright 2022, cxsecurity.com

 
