yiisoft/yii2 is a Yii PHP Framework.
Affected versions of this package are vulnerable to Broken CORS (Cross-Origin Resource Sharing).
It converts a wildcard
CORS policy into reflecting an arbitrary origin header value, which is incompatible with the
CORS security design, and could lead to
CORS misconfiguration security problems.
yiisoft/yii2 to version 2.0.16 or higher.