CVE-2023-47130

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-47130

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-47130.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-47130

Aliases

GHSA-mw2w-2hj2-fg8q

Withdrawn

2024-05-15T05:33:00.924722Z

Published

2023-11-14T21:15:11Z

Modified

2023-11-29T10:20:02.773489Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Yii is an open source PHP web framework. yiisoft/yii before version 1.1.29 are vulnerable to Remote Code Execution (RCE) if the application calls unserialize() on arbitrary user input. An attacker may leverage this vulnerability to compromise the host system. A fix has been developed for the 1.1.29 release. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

Git / github.com/yiisoft/yii

Affected ranges

Type: GIT
Repo: https://github.com/yiisoft/yii
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

37142be4dc5831114a375392e86d6450d4951c06

Affected versions

1.*

1.0a

1.0rc

1.1.0

1.1.10

1.1.11

1.1.12

1.1.13

1.1.13-RC

1.1.14

1.1.14-rc

1.1.15

1.1.16

1.1.17

1.1.18

1.1.19

1.1.20

1.1.21

1.1.22

1.1.23

1.1.24

1.1.25

1.1.26

1.1.27

1.1.28

1.1.3

1.1.4

1.1.7

1.1.8

1.1.9

1.1b

1.1rc