PKSA-tgtc-bnhk-szjb Security Advisory
-
[HIGH] The switchIdentity() function in yii\web\User did not regenerate the CSRF token upon a change of identity
PKSA-tgtc-bnhk-szjb CVE-2018-6009 GHSA-cwhm-272p-3wj9
Affected package: yiisoft/yii2
Affected version: <2.0.14
Reported by:
GitHub, FriendsOfPHP/security-advisories