CVE-2018-20745
Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems...
CVE-2018-20745
CVE-2018-20745 affects Yii 2.x up to 2.0.15.1, where a wildcard CORS policy is actively reflected in responses by echoing the Origin header. This behavior contravenes CORS design and can cause CORS misconfiguration security problems. The connected records confirm the core issue is the wildcard-or...