Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/yiisoft/yii2-dev@2.0.12.2

Type composer

Namespace yiisoft

Name yii2-dev

Version 2.0.12.2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.0.0-alpha1

Latest_non_vulnerable_version 3.0.0-alpha1

Affected_by_vulnerabilities

url VCID-6rub-m94d-jfct

vulnerability_id VCID-6rub-m94d-jfct

summary

Use of Insufficiently Random Values
yii2 is vulnerable to use of predictable algorithm in a random number generator

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3689

reference_id

reference_type

scores

value	0.00449
scoring_system	epss
scoring_elements	0.63925
published_at	2026-06-04T12:55:00Z

value	0.00449
scoring_system	epss
scoring_elements	0.63965
published_at	2026-06-07T12:55:00Z

value	0.00449
scoring_system	epss
scoring_elements	0.63976
published_at	2026-06-06T12:55:00Z

value	0.00449
scoring_system	epss
scoring_elements	0.63968
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3689

reference_url

https://github.com/yiisoft/yii2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/yiisoft/yii2

reference_url

https://github.com/yiisoft/yii2/commit/13f27e4d920a05d53236139e8b07007acd046a46

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/yiisoft/yii2/commit/13f27e4d920a05d53236139e8b07007acd046a46

reference_url

https://huntr.dev/bounties/50aad1d4-eb00-4573-b8a4-dbe38e2c229f

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://huntr.dev/bounties/50aad1d4-eb00-4573-b8a4-dbe38e2c229f

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3689

reference_id

CVE-2021-3689

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3689

reference_url

https://github.com/advisories/GHSA-hq3v-rg6f-6hx4

reference_id

GHSA-hq3v-rg6f-6hx4

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hq3v-rg6f-6hx4

fixed_packages

url pkg:composer/yiisoft/yii2-dev@2.0.43

purl pkg:composer/yiisoft/yii2-dev@2.0.43

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-x388-wd41-tkh3

vulnerability	VCID-xrgb-33bd-ckat

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.43

aliases CVE-2021-3689, GHSA-hq3v-rg6f-6hx4

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6rub-m94d-jfct

url VCID-gb9u-t143-vker

vulnerability_id VCID-gb9u-t143-vker

summary

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3692

reference_id

reference_type

scores

value	0.00358
scoring_system	epss
scoring_elements	0.5833
published_at	2026-06-04T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58376
published_at	2026-06-07T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58385
published_at	2026-06-06T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58377
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3692

reference_url

https://github.com/yiisoft/yii2

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/yiisoft/yii2

reference_url

https://github.com/yiisoft/yii2/commit/13f27e4d920a05d53236139e8b07007acd046a46

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/yiisoft/yii2/commit/13f27e4d920a05d53236139e8b07007acd046a46

reference_url

https://huntr.dev/bounties/55517f19-5c28-4db2-8b00-f78f841e8aba

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://huntr.dev/bounties/55517f19-5c28-4db2-8b00-f78f841e8aba

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3692

reference_id

CVE-2021-3692

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3692

reference_url

https://github.com/advisories/GHSA-wwvv-x5mq-h3jj

reference_id

GHSA-wwvv-x5mq-h3jj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wwvv-x5mq-h3jj

fixed_packages

url pkg:composer/yiisoft/yii2-dev@2.0.43

purl pkg:composer/yiisoft/yii2-dev@2.0.43

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-x388-wd41-tkh3

vulnerability	VCID-xrgb-33bd-ckat

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.43

aliases CVE-2021-3692, GHSA-wwvv-x5mq-h3jj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gb9u-t143-vker

url VCID-gwmb-kcz9-d7b9

vulnerability_id VCID-gwmb-kcz9-d7b9

summary

Deserialization of Untrusted Data
Yii 2 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-15148

reference_id

reference_type

scores

value	0.93433
scoring_system	epss
scoring_elements	0.99827
published_at	2026-06-05T12:55:00Z

value	0.93433
scoring_system	epss
scoring_elements	0.99826
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-15148

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2020-15148.yaml

reference_id

reference_type

scores

value	8.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2020-15148.yaml

reference_url

https://github.com/yiisoft/yii2/commit/9abccb96d7c5ddb569f92d1a748f50ee9b3e2b99

reference_id

reference_type

scores

value	8.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/yiisoft/yii2/commit/9abccb96d7c5ddb569f92d1a748f50ee9b3e2b99

reference_url

https://www.yiiframework.com/news/303/yii-2-0-38

reference_id

reference_type

scores

value	8.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.yiiframework.com/news/303/yii-2-0-38

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-15148

reference_id

CVE-2020-15148

reference_type

scores

value	8.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-15148

reference_url

https://github.com/advisories/GHSA-699q-wcff-g9mj

reference_id

GHSA-699q-wcff-g9mj

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-699q-wcff-g9mj

reference_url

https://github.com/yiisoft/yii2/security/advisories/GHSA-699q-wcff-g9mj

reference_id

GHSA-699q-wcff-g9mj

reference_type

scores

value	8.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/yiisoft/yii2/security/advisories/GHSA-699q-wcff-g9mj

fixed_packages

url pkg:composer/yiisoft/yii2-dev@2.0.38

purl pkg:composer/yiisoft/yii2-dev@2.0.38

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6rub-m94d-jfct

vulnerability	VCID-gb9u-t143-vker

vulnerability	VCID-x388-wd41-tkh3

vulnerability	VCID-xrgb-33bd-ckat

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.38

aliases CVE-2020-15148, GHSA-699q-wcff-g9mj

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gwmb-kcz9-d7b9

url VCID-vf2s-s6dr-nqhf

vulnerability_id VCID-vf2s-s6dr-nqhf

summary

Origin Validation Error
Yii actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-20745

reference_id

reference_type

scores

value	0.00118
scoring_system	epss
scoring_elements	0.3021
published_at	2026-06-04T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30219
published_at	2026-06-07T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30248
published_at	2026-06-06T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30284
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-20745

reference_url

https://github.com/yiisoft/yii2/issues/16193

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/yiisoft/yii2/issues/16193

reference_url

https://github.com/yiisoft/yii2/pull/16198

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/yiisoft/yii2/pull/16198

reference_url

https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-chen.pdf

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-chen.pdf

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-20745

reference_id

CVE-2018-20745

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-20745

reference_url	https://github.com/advisories/GHSA-cr6r-6xm9-ww22
reference_id	GHSA-cr6r-6xm9-ww22
reference_type
scores
url	https://github.com/advisories/GHSA-cr6r-6xm9-ww22

fixed_packages

url pkg:composer/yiisoft/yii2-dev@2.0.16

purl pkg:composer/yiisoft/yii2-dev@2.0.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6rub-m94d-jfct

vulnerability	VCID-gb9u-t143-vker

vulnerability	VCID-gwmb-kcz9-d7b9

vulnerability	VCID-x388-wd41-tkh3

vulnerability	VCID-xrgb-33bd-ckat

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.16

url	pkg:composer/yiisoft/yii2-dev@3.0.0-alpha1
purl	pkg:composer/yiisoft/yii2-dev@3.0.0-alpha1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@3.0.0-alpha1

aliases CVE-2018-20745, GHSA-cr6r-6xm9-ww22

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vf2s-s6dr-nqhf

url VCID-x388-wd41-tkh3

vulnerability_id VCID-x388-wd41-tkh3

summary

yiisoft Yii2 Deserialization of Untrusted Data
A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45. Affected by this issue is the function getIterator of the file symfony\finder\Iterator\SortableIterator.php. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-2689

reference_id

reference_type

scores

value	0.0011
scoring_system	epss
scoring_elements	0.28981
published_at	2026-06-07T12:55:00Z

value	0.0011
scoring_system	epss
scoring_elements	0.29017
published_at	2026-06-06T12:55:00Z

value	0.0011
scoring_system	epss
scoring_elements	0.29051
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-2689

reference_url

https://github.com/gaorenyusi/gaorenyusi/blob/main/Yii2.md

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:P/A:P

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T12:16:58Z/

url

https://github.com/gaorenyusi/gaorenyusi/blob/main/Yii2.md

reference_url

https://github.com/yiisoft/yii2

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/yiisoft/yii2

reference_url

https://vuldb.com/?ctiid.300710

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:P/A:P

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T12:16:58Z/

url

https://vuldb.com/?ctiid.300710

reference_url

https://vuldb.com/?id.300710

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:P/A:P

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T12:16:58Z/

url

https://vuldb.com/?id.300710

reference_url

https://vuldb.com/?submit.521709

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:P/A:P

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T12:16:58Z/

url

https://vuldb.com/?submit.521709

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-2689

reference_id

CVE-2025-2689

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-2689

reference_url	https://github.com/advisories/GHSA-88m2-j94x-v4fx
reference_id	GHSA-88m2-j94x-v4fx
reference_type
scores
url	https://github.com/advisories/GHSA-88m2-j94x-v4fx

fixed_packages

url pkg:composer/yiisoft/yii2-dev@2.0.46

purl pkg:composer/yiisoft/yii2-dev@2.0.46

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-xrgb-33bd-ckat

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.46

aliases CVE-2025-2689, GHSA-88m2-j94x-v4fx

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x388-wd41-tkh3

url VCID-xrgb-33bd-ckat

vulnerability_id VCID-xrgb-33bd-ckat

summary

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote attacker to execute arbitrary code via the runAction function.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-26750

reference_id

reference_type

scores

value	0.11017
scoring_system	epss
scoring_elements	0.93582
published_at	2026-06-06T12:55:00Z

value	0.11017
scoring_system	epss
scoring_elements	0.9358
published_at	2026-06-07T12:55:00Z

value	0.11017
scoring_system	epss
scoring_elements	0.93571
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-26750

reference_url

https://github.com/yiisoft/yii2/issues/19755

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-13T15:42:39Z/

url

https://github.com/yiisoft/yii2/issues/19755

reference_url

https://github.com/yiisoft/yii2/issues/19755#issuecomment-1426155955

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-13T15:42:39Z/

url

https://github.com/yiisoft/yii2/issues/19755#issuecomment-1426155955

reference_url

https://github.com/yiisoft/yii2/issues/19755#issuecomment-1505390813

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-13T15:42:39Z/

url

https://github.com/yiisoft/yii2/issues/19755#issuecomment-1505390813

reference_url

https://github.com/yiisoft/yii2/issues/19755#issuecomment-1505560351

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-13T15:42:39Z/

url

https://github.com/yiisoft/yii2/issues/19755#issuecomment-1505560351

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-26750

reference_id

CVE-2023-26750

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-26750

reference_url

https://github.com/advisories/GHSA-gq63-p39p-jrjf

reference_id

GHSA-gq63-p39p-jrjf

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gq63-p39p-jrjf

fixed_packages

url	pkg:composer/yiisoft/yii2-dev@3.0.0-alpha1
purl	pkg:composer/yiisoft/yii2-dev@3.0.0-alpha1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@3.0.0-alpha1

aliases CVE-2023-26750, GHSA-gq63-p39p-jrjf

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xrgb-33bd-ckat

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.12.2

Package Instance