Description
Prevent RCE when deserializing untrusted user input
Impact
Affected versions of yiisoft/yii are vulnerable to Remote Code Execution (RCE) if the application calls unserialize() on arbitrary user input.
Patches
Upgrade yiisoft/yii to version 1.1.27 or higher.
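Alongside the upgrade, application code can remove the precondition named under Impact by never passing request data to a bare `unserialize()`. The sketch below is an added example, not code from the advisory or from Yii; the function names are hypothetical and PHP 7.3 or later is assumed.

```php
<?php
// Added illustration. Function names are hypothetical; assumes PHP 7.3+.

// Pattern named under Impact: request-controlled bytes reach unserialize(),
// which may instantiate any class the application can load.
function loadPrefsUnsafe(string $raw)
{
    return unserialize($raw);
}

// Preferred: a data-only format. JSON decoding never creates application
// objects, and with the associative flag it returns plain arrays.
function loadPrefsJson(string $raw): array
{
    $data = json_decode($raw, true, 16, JSON_THROW_ON_ERROR);
    if (!is_array($data)) {
        throw new UnexpectedValueException('expected a JSON object or array');
    }
    return $data;
}

// Reject any object, including the __PHP_Incomplete_Class placeholders that
// unserialize() produces when allowed_classes is false.
function assertNoObjects($value): void
{
    if (is_object($value)) {
        throw new UnexpectedValueException('objects are not accepted');
    }
    if (is_array($value)) {
        foreach ($value as $item) {
            assertNoObjects($item);
        }
    }
}

// Compatibility path when stored data is already in serialize() format.
function loadPrefsLegacy(string $raw): array
{
    $data = @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($data)) {
        throw new UnexpectedValueException('expected a serialized array');
    }
    assertNoObjects($data);
    return $data;
}
```

`loadPrefsUnsafe()` is shown only as the pattern to search for in a code review; the other two functions accept scalars and arrays and throw on anything else.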
For more information
See the following links for more details:
If you have any questions or comments about this advisory, contact us through security form.
Packages
Name: yiisoft/yii (composer)
Affected versions: < 1.1.27
Fixed version: 1.1.27
Related vulnerabilities
CVSS3: 8.1
nvd
about 3 years ago
`yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. This has been patched in 1.1.27.
CVSS3: 8.1
debian
about 3 years ago
`yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Exec ...