Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2020-15148
HistorySep 15, 2020 - 7:15 p.m.

CVE-2020-15148

2020-09-1519:15:12
Google
osv.dev
6

9.6 High

AI Score

Confidence

High

0.027 Low

EPSS

Percentile

90.6%

JSON

Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls unserialize() on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory.

CPENameOperatorVersion
yii2eq2.0.0-beta
yii2eq2.0.31
yii2eq2.0.16
yii2eq2.0.21
yii2eq2.0.9
yii2eq2.0.14.2
yii2eq2.0.23
yii2eq2.0.24
yii2eq2.0.37
yii2eq2.0.16.1
Rows per page:
1-10 of 481

Related

cvelist 1
githubexploit 1
veracode 1
friendsofphp 1
osv 1
nuclei 1
cve 1
prion 1
nvd 1
github 1
cvelist
cvelist
CVE-2020-15148 Unsafe deserialization in Yii 2
2020-09-15 18:25:12
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Yiiframework Yii
2020-09-21 03:55:55
veracode
veracode
Remote Code Execution (RCE)
2020-09-16 01:39:51
friendsofphp
friendsofphp
Possible remote code execution via unserialize() on user input containing specially crafted string
2020-09-14 21:15:51
osv
osv
Unsafe deserialization in Yii 2
2020-09-15 18:19:56
nuclei
nuclei
Yii 2 < 2.0.38 - Remote Code Execution
2021-03-29 20:47:04
cve
cve
CVE-2020-15148
2020-09-15 19:15:12
prion
prion
Remote code execution
2020-09-15 19:15:00
nvd
nvd
CVE-2020-15148
2020-09-15 19:15:12
github
github
Unsafe deserialization in Yii 2
2020-09-15 18:19:56

9.6 High

AI Score

Confidence

High

0.027 Low

EPSS

Percentile

90.6%

JSON
Related for OSV:CVE-2020-15148
cvelist1githubexploit1veracode1friendsofphp1osv1nuclei1cve1prion1nvd1github1