{"id":"CVE-2018-6010","details":"In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php.","aliases":["GHSA-8gfq-c54m-3rf6"],"modified":"2026-03-14T09:30:09.833792Z","published":"2018-01-22T22:29:00.270Z","references":[{"type":"REPORT","url":"https://github.com/yiisoft/yii2/issues/14711"},{"type":"REPORT","url":"https://github.com/yiisoft/yii2/pull/15534"},{"type":"FIX","url":"https://github.com/yiisoft/yii2/commit/6b0be47e0fa9c532e03b07b4369050582fcf5c7a"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/yiisoft/yii2","events":[{"introduced":"0"},{"last_affected":"ae8d9782707b89315194ec70a139fece122b8977"},{"introduced":"0"},{"last_affected":"b0018e36439fa8b59b204e5e23820672777c1add"},{"introduced":"0"},{"last_affected":"8bbcff70db9a7513e0a5f3916a9c7bbdc4d1c099"},{"introduced":"0"},{"last_affected":"d2b864da84a68d56a96709479af78d203f050451"},{"introduced":"0"},{"last_affected":"84b42abad0b447bd25415ac707cef9d56012c9e2"},{"introduced":"0"},{"last_affected":"d7462656f75f2eecd2c67790e18d5ac9999a6062"},{"introduced":"0"},{"last_affected":"985119350b2badf7f0bfe49ea610540212f4c7d3"},{"introduced":"0"},{"last_affected":"cf0541fd591b5ae155899724f3bbd9fd4e35dae4"},{"introduced":"0"},{"last_affected":"bf7edc52504c69c9dd7b079d060edf6d25183c7a"},{"introduced":"0"},{"last_affected":"89eb3dff144cffeb1b72107a235afc345ac2320e"},{"introduced":"0"},{"last_affected":"9b5f6cb188b5b7a5309f36de17a6cf263def3582"},{"introduced":"0"},{"last_affected":"731769241bb727a259552ec0e66aaf30d44e9b66"},{"introduced":"0"},{"last_affected":"ee92cfa7ba618bf4acc19ab540eaa674b828a092"},{"introduced":"0"},{"last_affected":"11fe407ad0af51765fbd35e008d0986f7f3bb840"},{"introduced":"0"},{"last_affected":"c19b2f7dc8f487f0a867f2cacab68b8e86b7a8f9"},{"introduced":"0"},{"last_affected":"2cce93adaef0aaef304130d4a1a49064643767f1"},{"introduced":"0"},{"last_affected":"278548029a071648c440670ebb16dca1b32421e3"},{"introduced":"0"},{"last_affected":"be658f82bf515f1c1040cb6f987280f436258dc0"},{"introduced":"0"},{"last_affected":"2d672b67223b8d930f0f444b113d0a13fbd551c0"},{"introduced":"0"},{"last_affected":"1d7f6cd20e24dfa486e72cc9fc87cfbe7008e084"},{"fixed":"6b0be47e0fa9c532e03b07b4369050582fcf5c7a"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.0.0"},{"introduced":"0"},{"last_affected":"2.0.0-alpha"},{"introduced":"0"},{"last_affected":"2.0.0-beta"},{"introduced":"0"},{"last_affected":"2.0.0-rc"},{"introduced":"0"},{"last_affected":"2.0.1"},{"introduced":"0"},{"last_affected":"2.0.2"},{"introduced":"0"},{"last_affected":"2.0.3"},{"introduced":"0"},{"last_affected":"2.0.4"},{"introduced":"0"},{"last_affected":"2.0.5"},{"introduced":"0"},{"last_affected":"2.0.6"},{"introduced":"0"},{"last_affected":"2.0.7"},{"introduced":"0"},{"last_affected":"2.0.8"},{"introduced":"0"},{"last_affected":"2.0.9"},{"introduced":"0"},{"last_affected":"2.0.10"},{"introduced":"0"},{"last_affected":"2.0.11"},{"introduced":"0"},{"last_affected":"2.0.11.1"},{"introduced":"0"},{"last_affected":"2.0.11.2"},{"introduced":"0"},{"last_affected":"2.0.12"},{"introduced":"0"},{"last_affected":"2.0.13"},{"introduced":"0"},{"last_affected":"2.0.13.1"}]}}],"versions":["2.0.0","2.0.0-alpha","2.0.0-beta","2.0.0-rc","2.0.1","2.0.10","2.0.11","2.0.11.1","2.0.11.2","2.0.12","2.0.13","2.0.13.1","2.0.2","2.0.3","2.0.4","2.0.5","2.0.6","2.0.7","2.0.8","2.0.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-6010.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}