Description
A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45. Affected by this issue is the function getIterator of the file symfony\finder\Iterator\SortableIterator.php. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
References
- Exploit, Third Party Advisory
- Press/Media Coverage, VDB Entry
- Press/Media Coverage, VDB Entry
- Press/Media Coverage, VDB Entry
Vulnerable configurations
Configuration 1: versions from 2.0.0 (inclusive) to 2.0.45 (inclusive)
cpe:2.3:a:yiiframework:yii:*:*:*:*:*:*:*:*
EPSS: 0.00234 (Low), percentile: 46%
CVSS3: 6.3 Medium
CVSS3: 9.8 Critical
CVSS2: 6.5 Medium
Weaknesses
CWE-20
CWE-502
Related vulnerabilities
CVSS3: 6.3
debian
11 months ago
A vulnerability, which was classified as critical, has been found in y ...
CVSS3: 8.8
fstec
11 months ago
Vulnerability in the getIterator function of the file symfony\finder\Iterator\SortableIterator.php of the Yii PHP framework, allowing an attacker to execute arbitrary code