yiisoft/yii2 is a framework designed to be a solid foundation for PHP application.
Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). The switchIdentity function in
web/User.php did not regenerate the CSRF token upon a change of identity.
yiisoft/yii2 to version 2.0.14 or higher.