3 matches found
Deserialization Of Untrusted Data
yiisoft/yii2-dev is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to improper handling in the getIterator function of symfony\finder\Iterator\SortableIterator.php, which allows an attacker to execute arbitrary code remotely...
Deserialization of Untrusted Data
Overview yiisoft/yii2-dev is a Fast, Secure and Professional PHP Framework. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the Symfony getIterator function. Details Serialization is a process of converting an object into a sequence of bytes which can be...
Use of Insufficiently Random Values in yiisoft/yii2-dev
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator...