Packagist (Composer) package
yiisoft/yii2-gii
pkg:composer/yiisoft/yii2-gii
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-36655 | — | | | < 2.2.2 | 2.2.2 | Jan 21, 2023 | Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file. |
| CVE-2022-34297 | — | | | <= 2.2.4 | — | Dec 9, 2022 | Yii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload into any field. |