Prevent RCE when deserializing untrusted user input
High severity
GitHub Reviewed
Published Nov 21, 2022 in yiisoft/yii • Updated Feb 3, 2023

Impact
Affected versions of yiisoft/yii are vulnerable to Remote Code Execution (RCE) if the application calls unserialize() on arbitrary user input.

Patches
Upgrade yiisoft/yii to version 1.1.27 or higher.

For more information
See the following links for more details:
If you have any questions or comments about this advisory, contact us through the security form.
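
Application code that has to round-trip serialized state through a client can authenticate the payload and refuse object instantiation before calling unserialize(). The block below is an added example, not code from yiisoft/yii or from this advisory; `packState()`, `unpackState()`, `MAC_LEN` and the demo key are hypothetical names, and it assumes PHP 7.1 or later (for the `allowed_classes` option and nullable return types).

```php
<?php
declare(strict_types=1);

// Hypothetical helpers (not part of Yii): sign state before it leaves the
// server, then verify and decode it without instantiating any class.

const MAC_LEN = 64; // hex length of an HMAC-SHA256 tag

function packState(array $state, string $key): string
{
    $blob = serialize($state);
    return hash_hmac('sha256', $blob, $key) . $blob;
}

function unpackState(string $input, string $key): ?array
{
    if (strlen($input) <= MAC_LEN) {
        return null;
    }
    $mac  = substr($input, 0, MAC_LEN);
    $blob = substr($input, MAC_LEN);

    // 1. Reject anything the server did not produce (constant-time compare).
    if (!hash_equals(hash_hmac('sha256', $blob, $key), $mac)) {
        return null;
    }

    // 2. Defence in depth: never instantiate classes named in the payload.
    //    Objects decode to __PHP_Incomplete_Class, so no application
    //    __wakeup()/__destruct() method is invoked.
    $value = @unserialize($blob, ['allowed_classes' => false]);

    return is_array($value) ? $value : null;
}

// Constructed sample data.
$key    = 'constructed-demo-key-not-for-production';
$token  = packState(['user' => 42, 'tab' => 'settings'], $key);
$forged = str_repeat('0', MAC_LEN) . 'O:8:"stdClass":0:{}';

var_dump(unpackState($token, $key));  // server-issued token
var_dump(unpackState($forged, $key)); // client-supplied payload with a bad tag
var_dump(unpackState('short', $key)); // input too short to carry a tag
```

This guards application-level calls only; upgrading to the patched release remains the fix the advisory prescribes.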
References