GHSA-442f-wcwq-fpcf

Source
https://github.com/advisories/GHSA-442f-wcwq-fpcf
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-442f-wcwq-fpcf/GHSA-442f-wcwq-fpcf.json
Aliases
  • CVE-2022-41922
Published
2022-11-21T22:32:04Z
Modified
2023-11-08T04:10:35.814812Z
Details

Impact

Affected versions of yiisoft/yii are vulnerable to Remote Code Execution (RCE) if the application calls unserialize() on arbitrary user input.

Patches

Upgrade yiisoft/yii to version 1.1.27 or higher.

For more information

See the following links for more details: - Git commit - https://owasp.org/www-community/vulnerabilities/PHPObjectInjection

If you have any questions or comments about this advisory, contact us through security form.

References

Affected packages

Packagist / yiisoft/yii

Package

Name
yiisoft/yii

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
1.1.27

Affected versions

1.*

1.1.14-rc
1.1.14
1.1.15
1.1.16
1.1.17
1.1.18
1.1.19
1.1.20
1.1.21
1.1.22
1.1.23
1.1.24
1.1.25
1.1.26