VYPR
High severityNVD Advisory· Published Sep 15, 2020· Updated Aug 4, 2024

Unsafe deserialization in Yii 2

CVE-2020-15148

Description

Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls unserialize() on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
yiisoft/yii2Packagist
< 2.0.382.0.38

Affected products

2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.