CVE-2018-6010: Information Exposure

January 22, 2018 (updated November 12, 2019)

In Yii Framework, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php.

References

github.com/yiisoft/yii2/pull/15534
nvd.nist.gov/vuln/detail/CVE-2018-6010

Detect and mitigate CVE-2018-6010 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →