Advisories for Composer/Yiisoft/Yii2-Redis package

2025

Yii 2 Redis may expose AUTH parameters in logs in case of connection failure

On failing connection extension writes commands sequence to logs. AUTH parameters are written in plain text exposing username and password. That might be an issue if attacker has access to logs.

2018

Remote code execution

Redis extension of Yii 2 allows remote attackers to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack.