Skip to main content

Origin Validation Error

CVE-2018-20745

Severity Medium
Score 5.9/10

Summary

Yii before 2.0.16 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.

  • HIGH
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • NONE

CWE-346 - Origin Validation Error

The software does not properly verify that the source of data or communication is valid.

Advisory Timeline

  • Published