PT-2019-10199 · Yii · Yii

Chenjj

·

Published

2019-01-28

·

Updated

2022-05-14

·

CVE-2018-20745

CVSS v3.1

5.9

Medium

Vector AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Yii versions 2.x through 2.0.15.1
Description: The CORS filter in Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy (an allowed-origin list containing "*") into a reflection of whatever value the client sent in the Origin request header: the response carries "Access-Control-Allow-Origin: <request Origin>" instead of "Access-Control-Allow-Origin: *". This is incompatible with the CORS security design. Browsers refuse to expose credentialed responses when the allowed origin is the literal "*", but an echoed origin is an exact match, so if the application also sends "Access-Control-Allow-Credentials: true", any attacker-controlled page can read authenticated responses in the context of a logged-in user. The result is a CORS misconfiguration (Origin Validation Error, CWE-346).
Recommendations: Upgrade to a Yii release later than 2.0.15.1. Where that is not immediately possible, do not configure the Cors filter with a wildcard Origin list: enumerate the exact origins that may call the API and never combine a wildcard with Access-Control-Allow-Credentials. Restrict access to sensitive resources to limit the impact of exploitation. To check whether an application is affected, send a request with a foreign Origin header (for example one you control); a response that echoes that origin back, rather than answering "*" or omitting the header, shows the reflecting behaviour.
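As an added illustration (not source code from the Yii project), the following PHP models the header decision the description refers to: the vulnerable variant turns a wildcard into a reflection of the client's Origin, while the hardened variant emits a literal "*", only echoes origins that are on the allow list, and refuses wildcard-plus-credentials. The function names, the sample origins and the allow lists are constructed for this example.

```php
<?php
// Added example, not code from the Yii project: models how a CORS filter
// picks the Access-Control-Allow-Origin header from its allowed-origin list.
// Function names and the sample configuration/origins are constructed here.

/**
 * Vulnerable behaviour (Yii 2.x through 2.0.15.1): a '*' entry in the
 * allow list is "converted" into a reflection of the client's Origin.
 */
function allowOriginVulnerable(array $allowedOrigins, ?string $requestOrigin, bool $credentials): array
{
    $headers = [];
    if ($requestOrigin === null) {
        return $headers; // not a cross-origin request, nothing to grant
    }
    if (in_array('*', $allowedOrigins, true) || in_array($requestOrigin, $allowedOrigins, true)) {
        // The attacker-controlled Origin value is echoed back verbatim.
        $headers['Access-Control-Allow-Origin'] = $requestOrigin;
        if ($credentials) {
            // Exact-match origin plus credentials: the browser exposes the
            // authenticated response to the requesting page.
            $headers['Access-Control-Allow-Credentials'] = 'true';
        }
    }
    return $headers;
}

/**
 * Hardened behaviour: exact allow-list matches are echoed (they were vetted);
 * a wildcard is sent literally as '*', which browsers never pair with
 * credentials; wildcard plus credentials is refused as a misconfiguration.
 */
function allowOriginFixed(array $allowedOrigins, ?string $requestOrigin, bool $credentials): array
{
    $headers = [];
    if ($requestOrigin === null) {
        return $headers;
    }
    if (in_array($requestOrigin, $allowedOrigins, true)) {
        $headers['Access-Control-Allow-Origin'] = $requestOrigin;
        if ($credentials) {
            $headers['Access-Control-Allow-Credentials'] = 'true';
        }
    } elseif (in_array('*', $allowedOrigins, true)) {
        if ($credentials) {
            throw new RuntimeException(
                'Wildcard origin with credentials is insecure: list explicit origins or disable credentials'
            );
        }
        $headers['Access-Control-Allow-Origin'] = '*';
    }
    return $headers;
}

// Constructed sample: wildcard policy, an attacker's page, credentials enabled.
$wildcard = ['*'];
$attacker = 'https://attacker.example';

// Wildcard + credentials: the attacker's origin is reflected and credentials
// are allowed, so attacker.example can read authenticated responses.
print_r(allowOriginVulnerable($wildcard, $attacker, true));

// Wildcard without credentials: a literal '*' is sent; browsers will not
// attach cookies to such a response.
print_r(allowOriginFixed($wildcard, $attacker, false));

// What the recommendation means in practice: enumerate origins instead of '*'.
$explicit = ['https://app.example'];
print_r(allowOriginFixed($explicit, $attacker, true));             // foreign origin: no CORS grant
print_r(allowOriginFixed($explicit, 'https://app.example', true)); // vetted origin: echoed

// The same allow list expressed as Yii's Cors filter configuration inside a
// controller's behaviors() array (the 'cors' keys are the filter's documented options):
//   'corsFilter' => [
//       'class' => \yii\filters\Cors::class,
//       'cors' => [
//           'Origin' => ['https://app.example'],
//           'Access-Control-Allow-Credentials' => true,
//       ],
//   ],
```

Run it with the PHP CLI (php example.php). The hardened function deliberately throws on a wildcard with credentials rather than silently downgrading, because that combination is the configuration the reflection bug turns into a cross-site data leak.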

Fix

Origin Validation Error (CWE-346)


Weakness Enumeration

Related identifiers

CVE-2018-20745
GHSA-CR6R-6XM9-WW22

Affected products

Yii