GHSA-m2p5-fwp2-qcw2

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m2p5-fwp2-qcw2/GHSA-m2p5-fwp2-qcw2.json

Aliases

CVE-2018-8074

Published

2022-05-24T16:56:44Z

Modified

2023-09-15T11:21:24.827083Z

Details

Yii 2.x before 2.0.15 allows remote attackers to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension.

References

https://nvd.nist.gov/vuln/detail/CVE-2018-8074
http://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes/

Affected packages

Packagist / yiisoft/yii2-dev

Source Details

Package Name: yiisoft/yii2-dev

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.0

Fixed

2.0.15

Affected versions

2.*

2.0.0-alpha

2.0.0-beta

2.0.0-rc

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

2.0.10

2.0.11

2.0.11.1

2.0.11.2

2.0.12

2.0.12.1

2.0.12.2

2.0.13

2.0.13.1

2.0.13.2

2.0.13.3

2.0.14

2.0.14.1

2.0.14.2

Ecosystem specific

{
    "affected_functions": [
        ""
    ]
}