Описание
`yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. This has been patched in 1.1.27.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| yii | itp | package |
EPSS
Процентиль: 88%
0.03836
Низкий
Связанные уязвимости
CVSS3: 8.1
nvd
около 3 лет назад
`yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. This has been patched in 1.1.27.
CVSS3: 8.1
github
около 3 лет назад
Prevent RCE when deserializing untrusted user input
EPSS
Процентиль: 88%
0.03836
Низкий