CVE-2018-20745

2019-01-28T08:29:00
ID CVE-2018-20745
Type cve
Reporter cve@mitre.org
Modified 2019-02-20T16:26:00

Description

Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.