[HIGH] Possibility of manipulated condition when unfiltered input is passed to `yii\elasticsearch\ActiveRecord::findOne()` and `::findAll()`

PKSA-pfq3-c7vk-w5bg CVE-2018-8074 GHSA-m2p5-fwp2-qcw2

Affected package: yiisoft/yii2-elasticsearch

Affected version: <2.0.5

Reported by:
GitHub, FriendsOfPHP/security-advisories