EPSS Percentile: 35.4%
yiisoft/yii2 is vulnerable to a cross-origin resource sharing (CORS) bypass. The Yii2 CORS filter exposes the Origin header value when the policy is configured with wildcard origins.
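The behaviour described above, as an added example that is not Yii2's code: a simplified Python model of a CORS filter that echoes the request Origin under a wildcard policy, a hardened variant, and a check that tells them apart. All function names and origins are constructed, and the credentials flag is an assumption that goes beyond the advisory text, included to show why an echoed origin is weaker than a literal `*`.

```python
# Added example: simplified model of a CORS filter, not Yii2's implementation.
# Function names and sample origins are constructed for illustration.

def cors_headers_reflecting(allowed, request_origin, credentials=False):
    """Weak pattern: a wildcard policy echoes the caller's Origin back."""
    headers = {}
    if request_origin and ("*" in allowed or request_origin in allowed):
        headers["Access-Control-Allow-Origin"] = request_origin
        headers["Vary"] = "Origin"
        if credentials:
            headers["Access-Control-Allow-Credentials"] = "true"
    return headers


def cors_headers_hardened(allowed, request_origin, credentials=False):
    """Wildcard policy answers with a literal '*' and never with credentials."""
    headers = {}
    if not request_origin:
        return headers
    if "*" in allowed:
        headers["Access-Control-Allow-Origin"] = "*"
        return headers  # browsers reject '*' on credentialed requests
    if request_origin in allowed:
        headers["Access-Control-Allow-Origin"] = request_origin
        headers["Vary"] = "Origin"
        if credentials:
            headers["Access-Control-Allow-Credentials"] = "true"
    return headers


def audit(build_headers, allowed, credentials):
    """Send an origin the policy never named and report what comes back."""
    probe = "https://unlisted.example"  # constructed test origin
    h = build_headers(allowed, probe, credentials)
    findings = []
    if h.get("Access-Control-Allow-Origin") == probe and probe not in allowed:
        findings.append("origin-reflected")
        if h.get("Access-Control-Allow-Credentials") == "true":
            findings.append("credentials-with-reflected-origin")
    return findings


if __name__ == "__main__":
    for fn in (cors_headers_reflecting, cors_headers_hardened):
        print(fn.__name__, audit(fn, ["*"], credentials=True))
```
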
github.com/jnunemaker/flipper/pull/397
www.usenix.org/system/files/conference/usenixsecurity18/sec18-chen.pdf