CVE-2018-20745

Published January 28th, 2019

View on NVD ↗

CVSS v3

N/A

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.

yiisoft/yii2

Yii 2: The Fast, Secure and Professional PHP Framework

GitHub

14.3K