Описание
Yii Incorrectly Implements CORS
Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.
Пакеты
Наименование
yiisoft/yii2
composer
Затронутые версииВерсия исправления
< 2.0.16
2.0.16
Связанные уязвимости
CVSS3: 5.9
nvd
около 7 лет назад
Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.
CVSS3: 5.9
debian
около 7 лет назад
Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into ...