CVE-2018-19454
The connected document identifies a concrete vulnerability in yiisoft/yii2: information disclosure caused by credentials (e.g., HTTP auth username/password) being logged in the application’s logging target (\yii\log\Target). An attacker who can access the log files could retrieve these credential...