[MEDIUM] JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks

PKSA-98w7-zrnb-gcw4 CVE-2015-3397 GHSA-w2xx-jp9f-gp8g

Affected package: yiisoft/yii2

Affected version: <2.0.4

Reported by:
GitHub, FriendsOfPHP/security-advisories