Security Advisory

CVE-2018-20745

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published: 2019-01-28 08:00:00
Last updated: 2024-09-17 00:56:20
Assigner: mitre
State: PUBLISHED

Description

Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.
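
The behaviour described above, modelled beside handling that keeps the wildcard literal, as an added example that is not Yii's code and is not taken from the advisory. The function names, the credentials flag and the sample origin are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not Yii source code. All function names are hypothetical.

/** Models the advisory's description: a "*" policy echoes whatever Origin arrived. */
function reflectingCorsHeaders(array $allowedOrigins, ?string $requestOrigin, bool $credentials): array
{
    if ($requestOrigin === null) {
        return []; // not a cross-origin request
    }
    $headers = [];
    if (in_array('*', $allowedOrigins, true) || in_array($requestOrigin, $allowedOrigins, true)) {
        $headers['Access-Control-Allow-Origin'] = $requestOrigin; // reflected, even for "*"
        if ($credentials) { // assumed policy option
            $headers['Access-Control-Allow-Credentials'] = 'true';
        }
    }
    return $headers;
}

/** Keeps "*" literal, never pairs it with credentials, and rejects unlisted origins. */
function strictCorsHeaders(array $allowedOrigins, ?string $requestOrigin, bool $credentials): array
{
    if ($requestOrigin === null) {
        return [];
    }
    if (in_array('*', $allowedOrigins, true)) {
        return ['Access-Control-Allow-Origin' => '*']; // credentials flag is dropped
    }
    if (!in_array($requestOrigin, $allowedOrigins, true)) {
        return []; // unlisted origin gets no CORS headers
    }
    $headers = ['Access-Control-Allow-Origin' => $requestOrigin, 'Vary' => 'Origin'];
    if ($credentials) {
        $headers['Access-Control-Allow-Credentials'] = 'true';
    }
    return $headers;
}

// Constructed sample: wildcard policy with credentials, request from an unlisted origin.
$policy = ['*'];
$origin = 'https://unlisted.example';
echo json_encode(reflectingCorsHeaders($policy, $origin, true), JSON_UNESCAPED_SLASHES), PHP_EOL;
echo json_encode(strictCorsHeaders($policy, $origin, true), JSON_UNESCAPED_SLASHES), PHP_EOL;
```

Browsers refuse a credentialed cross-origin response whose `Access-Control-Allow-Origin` is the literal `*`; echoing the request's Origin instead removes that safeguard, which is why the first function's output is the risky one.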