CVE-2018-8074: Injection of search conditions

March 21, 2018 (updated April 20, 2018)

Elasticsearch extension of Yii 2 allows remote attackers to inject unintended search conditions via a variant of the CVE-2018-7269 attack.

References

nvd.nist.gov/vuln/detail/CVE-2018-8074
www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes

Detect and mitigate CVE-2018-8074 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →