In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php.
References
Link | Resource |
---|---|
https://github.com/yiisoft/yii2/commit/6b0be47e0fa9c532e03b07b4369050582fcf5c7a | |
https://github.com/yiisoft/yii2/issues/14711 | |
https://github.com/yiisoft/yii2/pull/15534 | Issue Tracking Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-01-22T22:00:00
Updated: 2019-11-12T16:34:11
Reserved: 2018-01-22T00:00:00
Link: CVE-2018-6010
JSON object: View
NVD Information
Status : Modified
Published: 2018-01-22T22:29:00.270
Modified: 2020-08-24T17:37:01.140
Link: CVE-2018-6010
JSON object: View
Redhat Information
No data.
CWE