Lucene search

Cross-origin Resource Sharing (CORS) Bypass

🗓️ 29 Jan 2019 01:27:59Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 17 Views

Yii2 CORS filter exposes origin header value due to wildcard origins

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 7
CVE	CVE-2018-20745	28 Jan 201908:29	–	cve
OSV	CVE-2018-20745	28 Jan 201908:29	–	osv
OSV	GHSA-CR6R-6XM9-WW22 Yii Incorrectly Implements CORS	14 May 202201:33	–	osv
Cvelist	CVE-2018-20745	28 Jan 201908:00	–	cvelist
NVD	CVE-2018-20745	28 Jan 201908:29	–	nvd
Github Security Blog	Yii Incorrectly Implements CORS	14 May 202201:33	–	github
Prion	Code injection	28 Jan 201908:29	–	prion

Vulners

Node

yii2_fileapi_widget_project yiisoft/yii2Range2.0.0-rc–2.0.15.1php

Source	Link
github	www.github.com/jnunemaker/flipper/pull/397
github	www.github.com/yiisoft/yii2/issues/16193
usenix	www.usenix.org/system/files/conference/usenixsecurity18/sec18-chen.pdf

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

29 Jan 2019 01:59Current

5.8Medium risk

Vulners AI Score5.8

CVSS24.3

CVSS35.9

EPSS0.00118