Moderate severityOSV Advisory· Published Jan 28, 2019· Updated Sep 17, 2024
CVE-2018-20745
CVE-2018-20745
Description
Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
yiisoft/yii2Packagist | < 2.0.16 | 2.0.16 |
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-cr6r-6xm9-ww22ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-20745ghsaADVISORY
- github.com/yiisoft/yii2/issues/16193ghsax_refsource_MISCWEB
- github.com/yiisoft/yii2/pull/16198ghsaWEB
- www.usenix.org/system/files/conference/usenixsecurity18/sec18-chen.pdfghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.