CVE-2018-8073: Remote code execution

March 21, 2018 (updated April 17, 2018)

Redis extension of Yii 2 allows remote attackers to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack.

References

nvd.nist.gov/vuln/detail/CVE-2018-8073
www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes

Detect and mitigate CVE-2018-8073 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →