GHSA-3mpg-q26j-83j5

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-3mpg-q26j-83j5/GHSA-3mpg-q26j-83j5.json
Aliases
  • CVE-2020-36655
Published
2023-01-21T03:30:28Z
Modified
2023-01-31T02:36:01.665448Z
Details

Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file.

References

Affected packages

Packagist / yiisoft/yii2-gii

yiisoft/yii2-gii

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
2.2.2

Affected versions

2.*

2.0.0
2.0.0-alpha
2.0.0-beta
2.0.0-rc
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.2.0
2.2.1