CVE-2022-41922

CVSS V2 None CVSS V3 None
Description
`yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. This has been patched in 1.1.27.
Overview
  • CVE ID
  • CVE-2022-41922
  • Assigner
  • security-advisories@github.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-11-23T18:15:12
  • Last Modified Date
  • 2022-11-30T13:44:59
Weakness Enumerations
CWE URL
CWE-502 http://cwe.mitre.org/data/definitions/502.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:yiiframework:yii:*:*:*:*:*:*:*:* 1 OR 1.1.27
References
Reference URL Reference Tags
https://github.com/yiisoft/yii/security/advisories/GHSA-442f-wcwq-fpcf
https://github.com/yiisoft/yii/commit/ed67b7cc57216557c5c595c6650cdd2d3aa41c52
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-41922
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41922
History
Created Old Value New Value Data Type Notes
2022-11-23 19:00:16 Added to TrackCVE
2022-12-07 18:02:11 2022-11-23T18:15Z 2022-11-23T18:15:12 CVE Published Date updated
2022-12-07 18:02:11 2022-11-30T13:44:59 CVE Modified Date updated
2022-12-07 18:02:11 Analyzed Vulnerability Status updated
2022-12-07 18:02:13 CPE Information updated