Packagist (Composer) package
yiisoft/yii2-redis
pkg:composer/yiisoft/yii2-redis
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-48493 | — | < 2.0.20 | 2.0.20 | Jun 5, 2025 | The Yii 2 Redis extension provides the redis key-value store support for the Yii framework 2.0. On failing connection, the extension writes commands sequence to logs. Prior to version 2.0.20, AUTH parameters are written in plain text exposing username and password. That might be | ||
| CVE-2018-8073 | — | < 2.0.8 | 2.0.8 | Mar 21, 2018 | Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack in conjunction with the Redis extension. |
- CVE-2025-48493Jun 5, 2025affected < 2.0.20fixed 2.0.20
The Yii 2 Redis extension provides the redis key-value store support for the Yii framework 2.0. On failing connection, the extension writes commands sequence to logs. Prior to version 2.0.20, AUTH parameters are written in plain text exposing username and password. That might be
- CVE-2018-8073Mar 21, 2018affected < 2.0.8fixed 2.0.8
Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack in conjunction with the Redis extension.