CVE-2018-6010

Name of the Vulnerable Software and Affected Versions: Yii Framework versions prior to 2.0.14

Description: The issue allows remote attackers to obtain potentially sensitive information from exception messages or exploit reflected XSS on the error handler page in non-debug mode. This is related to the files base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php.

Recommendations: For versions prior to 2.0.14, update to version 2.0.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the error handler page or disabling non-debug mode until a patch is available.