Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Yii 2 Redis may expose AUTH paramters in logs in case of connection failure
Vulnerability Description
The Yii 2 Redis extension provides the redis key-value store support for the Yii framework 2.0. On failing connection, the extension writes commands sequence to logs. Prior to version 2.0.20, AUTH parameters are written in plain text exposing username and password. That might be an issue if attacker has access to logs. Version 2.0.20 fixes the issue.
CVSS Information
N/A
Vulnerability Type
通过日志文件的信息暴露
Vulnerability Title
yii2-redis 日志信息泄露漏洞
Vulnerability Description
yii2-redis是yii开源的一个扩展。 yii2-redis 2.0.20之前版本存在日志信息泄露漏洞,该漏洞源于日志中明文记录AUTH参数,可能导致凭据泄露。
CVSS Information
N/A
Vulnerability Type
N/A