Vulnerabilities in yiisoft
14 results

CVE-2024-4990 | HIGH | Unsafe Reflection in base Component class in yiisoft/yii2 | EPSS 79.5%
CVE-2020-15148 | HIGH | Unsafe deserialization in Yii 2 | EPSS 79.2%
CVE-2023-47130 | HIGH | Unsafe deserialization of user data in yiisoft/yii | EPSS 3.1%
CVE-2021-3689 | HIGH | Use of Predictable Algorithm in Random Number Generator in yiisoft/yii2 | EPSS 1.9%
CVE-2021-3692 | HIGH | Use of Predictable Algorithm in Random Number Generator in yiisoft/yii2 | EPSS 1.7%
CVE-2022-41922 | HIGH | yiisoft/yii before v1.1.27 vulnerable to Remote Code Execution if the application calls `unserialize()` on arbitrary user input | EPSS 1.1%
CVE-2023-50708 | MEDIUM | yii2-authclient vulnerable to possible timing attack on string comparison in OAuth1, OAuth2 and OpenID Connect implementation | EPSS 0.7%
CVE-2025-2690 | MEDIUM | yiisoft Yii2 MockClass.php generate deserialization | EPSS 0.6%
CVE-2025-2689 | MEDIUM | yiisoft Yii2 SortableIterator.php getIterator deserialization | EPSS 0.5%
CVE-2023-50714 | MEDIUM | The Oauth2 PKCE implementation is vulnerable | EPSS 0.5%
CVE-2026-39850 | HIGH | Yii 2: Local file inclusion via view parameter name collision | EPSS 0.4%
CVE-2024-32877 | MEDIUM | Reflected Cross-site Scripting in yiisoft/yii2 Debug mode | EPSS 0.3%
CVE-2025-48493 | MEDIUM | Yii 2 Redis may expose AUTH parameters in logs in case of connection failure | EPSS 0.3%
CVE-2025-32027 | MEDIUM | Yii does not prevent XSS in scenarios where fallback error renderer is used | EPSS 0.2%