yiisoft/yii2-dev
Packagist
6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting yiisoft/yii2-dev
- CVE-2017-11516 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 2.0.13 | 2017-07-21
vulnerable: 2.0.12, 2.0.12.1, 2.0.12.2
An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception->errorInfo is mishandled.
- CVE-2018-6009 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 2.0.14 | 2018-01-22
vulnerable: 2.0.0 ... 2.0.9 (24 versions)
In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity.
- CVE-2018-7269 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 2.0.15 | 2018-03-21
vulnerable: 2.0.14, 2.0.14.1, 2.0.14.2
The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to saniti…
- CVE-2018-8074 | HIGH | CVSS 8.1 | EG 8.1 | ✓ Fixed in 2.0.15 | 2018-03-21
vulnerable: 2.0.0 ... 2.0.9 (24 versions)
Yii 2.x before 2.0.15 allows remote attackers to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension.
- CVE-2021-3689 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 2.0.43 | 2021-08-10
vulnerable: 2.0.0 ... 2.0.9 (62 versions)
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator
- CVE-2021-3692 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 2.0.43 | 2021-08-10
vulnerable: 2.0.0 ... 2.0.9 (62 versions)
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator